Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113785
HistoryMar 14, 2023 - 12:00 a.m.

Atlassian Jira 8.0.0 < 8.1.1 Multiple Vulnerabilities

2023-03-1400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
atlassian jira
version 8.0.0
vulnerabilities
xss
cross site scripting
cve-2019-3402
username enumeration
managefilters.jspa
application security

EPSS

0.005

Percentile

77.6%

JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities:

  • A vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter (CVE-2019-3402).

  • A vulnerability which allows remote attackers to enumerate usernames via an incorrect authorisation check in the ManageFilters.jspa resource (CVE-2019-3401).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

Related

nessus 3
prion 2
nvd 2
symantec 2
nuclei 2
atlassian 4
cve 2
cvelist 2
nessus
nessus
Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 7.13.x < 7.13.3, 8.x < 8.1.1 Cross-Site Scripting Vulnerability
2019-10-25 00:00:00
Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability
2019-10-25 00:00:00
prion
prion
Cross site scripting
2019-05-22 18:29:00
Authentication flaw
2019-05-22 18:29:00
nvd
nvd
CVE-2019-3402
2019-05-22 18:29:00
CVE-2019-3401
2019-05-22 18:29:00
symantec
symantec
Atlassian JIRA CVE-2019-3402 Cross Site Scripting Vulnerability
2019-04-29 00:00:00
Atlassian JIRA CVE-2019-3401 Information Disclosure Vulnerability
2019-04-29 00:00:00
nuclei
nuclei
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
2020-07-06 15:56:34
Jira < 8.1.1 - Cross-Site Scripting
2020-11-06 10:28:11
atlassian
atlassian
XSS in the ConfigurePortalPages.jspa resource - CVE-2019-3402
2019-04-29 03:59:50
XSS in the ConfigurePortalPages.jspa resource - CVE-2019-3402
2019-04-29 03:59:50
Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401
2019-04-29 04:02:02
cve
cve
CVE-2019-3402
2019-05-22 18:29:00
CVE-2019-3401
2019-05-22 18:29:00
cvelist
cvelist
CVE-2019-3402
2019-05-22 17:38:01
CVE-2019-3401
2019-05-22 17:27:33

EPSS

0.005

Percentile

77.6%

JSON
Related for WEB_APPLICATION_SCANNING_113785
nessus3prion2nvd2symantec2nuclei2atlassian4cve2cvelist2