Lucene search
K

25280 matches found

Nuclei
Nuclei
added 14 hours ago19 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.3AI score0.16239EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago53 views

GitLab Enterprise Edition - Server-Side Request Forgery

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...

7CVSS7AI score0.03506EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago51 views

Jira < 8.1.1 - Cross-Site Scripting

Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. id: CVE-2019-3402 info: name: Jira 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site...

6.1CVSS6.4AI score0.08947EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago44 views

Jira Rainbow.Zen - Cross-Site Scripting

Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2007-0885 info: name: Jira Rainbow.Zen - Cross-Site Scripting author: geeknik severity: medium...

6.8CVSS6.2AI score0.05472EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago57 views

Atlassian Jira Server-Side Template Injection

Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and...

9.8CVSS7.2AI score0.84621EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago109 views

Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. id: CVE-2018-20824 info: name: Atlassian Jira WallboardServlet 7.13.1 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.37577EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago52 views

Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting

Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations. id: CVE-2020-9344 info: name: Jira Subversion ALM for Enterprise 8.8.2 - Cross-Site Scripting author: madrobot severity: medium description: Jira Subversion ALM for Enterprise befo...

6.1CVSS6.4AI score0.05198EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago52 views

Jira Netic Group Export <1.0.3 - Missing Authorization

Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a...

5.3CVSS6.3AI score0.2568EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago102 views

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

9.8CVSS7.1AI score0.99426EPSS
Exploits7References6
Nuclei
Nuclei
added 14 hours ago45 views

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

7.5CVSS7AI score0.11615EPSS
Exploits7References5
Nuclei
Nuclei
added 14 hours ago112 views

Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...

5.3CVSS6.3AI score0.23086EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday69 views

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

7.5CVSS7AI score0.47907EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday50 views

Jira - Local File Inclusion

Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. id: CVE-2019-8442 info: name: Jira - Local File Inclusion author:...

7.5CVSS7AI score0.59832EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday49 views

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...

5.3CVSS6.4AI score0.12719EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday35 views

Jira Improper Authorization

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. id: CVE-2019-8446 info: name: Jira Improper Authorization author: dhiyaneshDk severity: medium description: The /rest/issueNav/1/issueTable...

5.3CVSS6.3AI score0.1755EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago33 views

Atlassian Jira Seraph - Authentication Bypass

Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also...

9.8CVSS7.1AI score0.88057EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago48 views

Jira - Incorrect Authorization

Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. id: CVE-2019-3403...

5.3CVSS6.5AI score0.52637EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago43 views

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure

Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names. id: CVE-2020-14179 info: name: Atlassian Jira Server/Data Cente...

5.3CVSS6.6AI score0.76042EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago47 views

Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery

The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via...

6.1CVSS6.4AI score0.71601EPSS
Exploits1References5
Nuclei
Nuclei
added 4 days ago77 views

Jira <8.4.0 - Information Disclosure

Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-8449 info: name: Jira 8.4...

5.3CVSS6.3AI score0.84771EPSS
Exploits8References5
Rows per page
Query Builder