jira vulnerabilities and exploits

(subscribe to this query)

5.3

CVSSv3

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure...

Atlassian Jira Atlassian Jira Software Data Center

6.5

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0....

Atlassian Jira Atlassian Jira Software Data Center

4.9

CVSSv3

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability....

Atlassian Jira Atlassian Jira Software Data Center

5.3

CVSSv3

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability....

Atlassian Jira Atlassian Jira Software Data Center

5.4

CVSSv3

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

5.4

CVSSv3

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

6.5

CVSSv3

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

6.1

CVSSv3

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a...

Atlassian Jira Atlassian Jira Server Atlassian Jira Software Data Center Atlassian Jira Data Center

9.8

CVSSv3

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0...

Atlassian Jira Service Management Atlassian Jira Data Center Atlassian Jira Server10 Github repositories available1 Article available

5.4

CVSSv3

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability....

Atlassian Data Center Atlassian Jira Data Center Atlassian Jira Atlassian Jira Server

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook