Lucene search

K

Jira Service Desk Server Security Vulnerabilities

cve
cve

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment.....

5.7CVSS

5.5AI Score

0.001EPSS

2022-07-26 08:15 AM
33
8
cve
cve

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and.....

9.8CVSS

9.1AI Score

0.008EPSS

2022-07-20 06:15 PM
126
8
cve
cve

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability:...

8.8CVSS

9AI Score

0.003EPSS

2022-07-20 06:15 PM
79
8
cve
cve

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0.....

6.5CVSS

6.2AI Score

0.028EPSS

2022-06-30 06:15 AM
87
9
cve
cve

CVE-2021-39115

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected...

7.2CVSS

7.7AI Score

0.002EPSS

2021-09-01 11:15 PM
52
cve
cve

CVE-2020-14180

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions...

4.3CVSS

4.4AI Score

0.001EPSS

2020-09-21 01:15 AM
55
cve
cve

CVE-2020-14166

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html...

4.8CVSS

4.7AI Score

0.002EPSS

2020-07-01 02:15 AM
79
2
cve
cve

CVE-2019-15004

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view...

7.5CVSS

6.1AI Score

0.003EPSS

2019-11-07 04:15 AM
115
cve
cve

CVE-2019-15003

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view...

5.3CVSS

5.5AI Score

0.002EPSS

2019-11-07 04:15 AM
110
cve
cve

CVE-2019-14994

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and...

7.5CVSS

7.3AI Score

0.002EPSS

2019-09-19 03:15 PM
120
cve
cve

CVE-2015-8481

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information.....

3.1CVSS

4AI Score

0.001EPSS

2016-01-08 07:59 PM
22