Vulmon Recent Vulnerabilities Trends Blog About Contact

jira vulnerabilities and exploits

(subscribe to this query)

4
CVSSv2
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from...
Atlassian JiraAtlassian Jira 8.10.0Atlassian Jira Software Data CenterAtlassian Jira Software Data Center 8.10.0
3.5
CVSSv2
CVE-2015-8481
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain...
Atlassian Jira Core 7.0.3Atlassian Jira 7.0.3Atlassian Jira Service Desk 3.0.3
5
CVSSv2
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability....
Atlassian JiraAtlassian Jira Software Data Center
3.5
CVSSv2
CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2,...
Atlassian JiraAtlassian Jira Software Data Center
5
CVSSv2
CVE-2020-4028
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure...
Atlassian JiraAtlassian Jira Software Data Center
4
CVSSv2
CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0....
Atlassian JiraAtlassian Jira Software Data Center
4.3
CVSSv2
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability....
Atlassian JiraAtlassian Jira Software Data Center
4
CVSSv2
CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability....
Atlassian JiraAtlassian Jira Software Data Center
3.5
CVSSv2
CVE-2020-14184
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version...
Atlassian JiraAtlassian Jira 8.13.0
4
CVSSv2
CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and...
Atlassian JiraAtlassian Jira Software Data Center
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-2109NULL pointer dereferenceCVE-2021-1300local usersCVE-2021-1250CVE-2020-6207dosCVE-2021-1249CVE-2020-11214