Atlassian Jira 7.7.0 < 7.13.9 Information Disclosure In Comment Restriction Feature

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.0. It is, therefore, affected by a vulnerability which permits remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment...

Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970

h3. Issue Summary spring-beans is vulnerable to CVE-2022-22970 This is reproducible on Data Center: yes h3. Steps to Reproduce Install Confluence 7.13.9 Step 2 h3. Expected Results Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher h3. Actual Results...

Atlassian Jira < 7.6.17 / 7.7.x < 7.13.9 / 8.0.x < 8.4.2 Information Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.6.17, or 7.7.x prior to 7.13.9, or version 8.0.x prior to 8.4.2. It is, therefore, affected by a Information Disclosure vulnerability. - A remote attackers to view sensitive...

CVE-2019-20414

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2...

CVE-2019-20412

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...

Information disclosure

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0...

CVE-2019-20412

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...

CSRF on Wallboard endpoint - CVE-2019-20411

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery CSRF vulnerability. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...

Atlassian JIRA < 7.13.9 / 8.x < 8.3.3 XSS (JRASERVER-69790)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.9, or 8.x prior to 8.3.3 / 8.4.0. It is, therefore, affected by a cross-site scripting XSS vulnerability. The vulnerability exists in the FilterPickerPopup.jspa resource...