3 matches found
Atlassian Jira 8.0.0 < 8.5.5 Xss In Xml Export View
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.16, 8.0.0 prior to 8.5.5 or 8.6.0 prior to 8.8.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via ...
Atlassian Jira 8.0.0 < 8.5.0 Csrf On Wallboard Endpoint
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.0. It is, therefore, affected by a vulnerability which permits remote attackers to modify Wallboard settings via a Cross-site request forgery CSRF vulnerability. Note that...
Remove url parameter support for os_username, os_password
Putting credentials in request parameters is likely to lead to those credentials being logged in access logs. h4. Workaround The following workaround is available in Jira 8.0.0 and higher versions. If you wish to prevent users from authenticating using url parameters, specifying their username &...