Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113784
HistoryMar 14, 2023 - 12:00 a.m.

Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities

2023-03-1400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
atlassian jira
version 7.13.0
version 7.13.4
version 8.0.0
version 8.1.1
remote attackers
cross site scripting
xss vulnerability
cve-2019-3402
username enumeration
incorrect authorization check
cve-2019-3401
scanner

0.005 Low

EPSS

Percentile

77.6%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities:

  • A vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter (CVE-2019-3402).

  • A vulnerability which allows remote attackers to enumerate usernames via an incorrect authorisation check in the ManageFilters.jspa resource (CVE-2019-3401).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
atlassianjira*cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Related

nessus 3
symantec 2
nvd 2
prion 2
nuclei 2
cvelist 2
atlassian 4
cve 2
nessus
nessus
Atlassian Jira 8.0.0 < 8.1.1 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability
2019-10-25 00:00:00
Atlassian Jira 7.13.x < 7.13.3, 8.x < 8.1.1 Cross-Site Scripting Vulnerability
2019-10-25 00:00:00
symantec
symantec
Atlassian JIRA CVE-2019-3402 Cross Site Scripting Vulnerability
2019-04-29 00:00:00
Atlassian JIRA CVE-2019-3401 Information Disclosure Vulnerability
2019-04-29 00:00:00
nvd
nvd
CVE-2019-3402
2019-05-22 18:29:00
CVE-2019-3401
2019-05-22 18:29:00
prion
prion
Cross site scripting
2019-05-22 18:29:00
Authentication flaw
2019-05-22 18:29:00
nuclei
nuclei
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
2020-07-06 15:56:34
Jira < 8.1.1 - Cross-Site Scripting
2020-11-06 10:28:11
cvelist
cvelist
CVE-2019-3402
2019-05-08 00:00:00
CVE-2019-3401
2019-05-08 00:00:00
atlassian
atlassian
Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401
2019-04-29 04:02:02
Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401
2019-04-29 04:02:02
XSS in the ConfigurePortalPages.jspa resource - CVE-2019-3402
2019-04-29 03:59:50
cve
cve
CVE-2019-3401
2019-05-22 18:29:00
CVE-2019-3402
2019-05-22 18:29:00

0.005 Low

EPSS

Percentile

77.6%

JSON
Related for WEB_APPLICATION_SCANNING_113784
nessus3symantec2nvd2prion2nuclei2cvelist2atlassian4cve2