Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jira vulnerabilities and exploits

(subscribe to this query)

6.1
CVSSv3
CVE-2021-39111
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of...
Atlassian Data CenterAtlassian Jira Data CenterAtlassian JiraAtlassian Jira Server
5.3
CVSSv3
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version...
Atlassian JiraAtlassian Jira Server
4.3
CVSSv3
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability....
Atlassian Jira ServerAtlassian Jira
5.3
CVSSv3
CVE-2018-13391
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version...
Atlassian Jira ServerAtlassian Jira
5.4
CVSSv3
CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location...
Atlassian Jira ServerAtlassian Jira
6.1
CVSSv3
CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter....
Atlassian JiraAtlassian Jira Server 8.6.0
NA
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors....
Atlassian JiraAtlassian Jira 6.0.3Atlassian Jira 6.0.1Atlassian Jira 6.0.2Atlassian Jira 6.0
4.3
CVSSv3
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability....
Atlassian Jira ServerAtlassian Jira Data Center
5.3
CVSSv3
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version...
Atlassian Jira Data CenterAtlassian Jira Server
5.3
CVSSv3
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability....
Atlassian JiraAtlassian Jira Software Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XML injectionCVE-2022-34713log injectionCVE-2022-20384CVE-2022-20382CVE-2022-20251CVE-2022-31656CVE-2021-0975path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook