13 matches found
GHSA-QVMC-92VG-6R35 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
Atlassian Jira 8.6.x < 8.12.2 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...
Atlassian Jira 8.x < 8.5.9 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...
Atlassian Jira < 7.13.18 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...
Code injection
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...
CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...
CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...
Authentication flaw
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...
CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types;...
CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys...
CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys...
Service Desk mail handler create comments in other JIRA issues if subject have valid issues keys
h3. Summary Service Desk mail handler create comments in other JIRA issues if email subject have valid issues keys of issues from other JIRA Projects. h3. Environment Cloud h3. Steps to Reproduce Create a SD project Setup the mail handler Create another project and create an issue on it. Send an...