Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.13.4 release and security update

Red Hat AMQ Broker 7.13.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

VulnCheck KEV: CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes

Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...

Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to inject arbitrary HTM...

Elasticsearch 7.13.4 Security Update

Elasticsearch memory disclosure issue ESA-2021-16 A memory disclosure vulnerability was identified in Elasticsearch’s error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing...

CVE-2020-14167

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service DoS vulnerability...

Atlassian JIRA < 7.13.4 / 8.0.x < 8.1.0 Epic Name DoS (SB19-182)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a unspecified flaw in 'Epic Name' ordering operations. A remote, authenticated attacker could cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network...

Information disclosure

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability...

CVE-2019-8443

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to...

Atlassian JIRA Information Disclosure Vulnerability (CNVD-2019-15739)

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in the CachingResourceDownloadRewriteRule class in Atlassian Jira versions prior to 7.13.4, prio...