jira vulnerabilities and exploits

(subscribe to this query)

NA

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors....

Atlassian Jira 6.0 Atlassian Jira 6.0.2 Atlassian Jira Atlassian Jira 6.0.11 EDB exploit available1 Metasploit module available

5.9

CVSSv3

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM)...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

6.1

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

5.3

CVSSv3

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

4.3

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2....

Atlassian Jira Atlassian Jira Server Atlassian Jira Data Center

7.5

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version...

Atlassian Jira Atlassian Jira Software Data Center Atlassian Jira Server

6.5

CVSSv3

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center...

Atlassian Jira Service Management Atlassian Jira Data Center Atlassian Jira Server Atlassian Jira Service Desk7 Github repositories available

5.3

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version...

Atlassian Jira Data Center Atlassian Jira Server15 Github repositories available

4.3

CVSSv3

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability....

Atlassian Jira Server Atlassian Jira Data Center

4.9

CVSSv3

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability....

Atlassian Jira Atlassian Jira Software Data Center

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook