Lucene search

K

Jira Core Server Security Vulnerabilities

cve
cve

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and.....

9.8CVSS

9.1AI Score

0.008EPSS

2022-07-20 06:15 PM
126
8
cve
cve

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability:...

8.8CVSS

9AI Score

0.003EPSS

2022-07-20 06:15 PM
79
8
cve
cve

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0.....

6.5CVSS

6.2AI Score

0.028EPSS

2022-06-30 06:15 AM
87
9
cve
cve

CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before...

9.8CVSS

9.5AI Score

0.228EPSS

2022-04-20 07:15 PM
255
3
cve
cve

CVE-2017-18101

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if....

6.5CVSS

6.4AI Score

0.002EPSS

2018-04-10 01:29 PM
37
cve
cve

CVE-2015-8481

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information.....

3.1CVSS

4AI Score

0.001EPSS

2016-01-08 07:59 PM
22