Lucene search

K
atlassianSecurity-metrics-botATLASSIAN:JRASERVER-72052
HistoryFeb 02, 2021 - 9:59 a.m.

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-0209:59:24
security-metrics-bot
jira.atlassian.com
293

EPSS

0.061

Percentile

93.6%

Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

The affected versions are before version 8.15.0.

Affected versions:

  • version < 8.15.0

Fixed versions:

  • 8.15.0