jira vulnerabilities and exploits

(subscribe to this query)

3.5

CVSSv2

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain...

Atlassian Jira Core 7.0.3 Atlassian Jira 7.0.3 Atlassian Jira Service Desk 3.0.3

4

CVSSv2

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control...

Atlassian Jira Atlassian Jira 8.6.0 Atlassian Jira Software Data Center Atlassian Jira Software Data Center 8.6.0

3.5

CVSSv2

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version...

Atlassian Jira Atlassian Jira 8.13.0

5.8

CVSSv2

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter....

Atlassian Jira Atlassian Jira 8.6.0

9

CVSSv2

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator...

Atlassian Jira Atlassian Jira 8.4.01 Github repository available1 Article available

4

CVSSv2

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability....

Atlassian Jira Atlassian Jira Software Data Center

5

CVSSv2

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version...

Atlassian Jira Atlassian Jira Software Data Center

3.5

CVSSv2

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a...

Atlassian Jira Atlassian Jira Software Data Center

4.3

CVSSv2

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version...

Atlassian Jira Atlassian Jira Software Data Center

3.5

CVSSv2

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before...

Atlassian Jira Atlassian Jira Software Data Center

Get Started

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook