26 matches found
EUVD-2019-17838
Malware in sbrugna...
EUVD-2019-3258
Malware in sbrugna...
EUVD-2018-13368
Malware in sbrugna...
CVE-2023-30453
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter...
CVE-2022-44726
The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view...
Atlassian Jira 8.0.0 < 8.1.0 Csrf Via Logging And Profiling Feature
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.13.3 or 8.0.0 prior to 8.1.0. It is, therefore, affected by a vulnerability which permits remote attackers to modify logging and profiling settings via a cross-site...
Atlassian Jira 8.18.0 < 8.18.1 Reverse Tabnapping Via Project Shortcuts
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.15, 8.6.x < 8.13.7, 8.14.0 < 8.17.1 or 8.18.0 < 8.18.1. It is, therefore, affected by a vulnerability in the Project Shortcuts feature which allows remote attackers to redirect...
Atlassian Jira < 8.5.15 Reverse Tabnapping Via Project Shortcuts
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.15, 8.6.x < 8.13.7, 8.14.0 < 8.17.1 or 8.18.0 < 8.18.1. It is, therefore, affected by a vulnerability in the Project Shortcuts feature which allows remote attackers to redirect...
Atlassian Jira 8.6.x < 8.13.1 Cross-Site Request Forgery
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x prior to 8.13.1. It is, therefore, affected by a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referr...
Atlassian Jira < 8.5.14 Arbitrary File Read
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1. It is, therefore, affected by a path traversal vulnerability in the /WEB-INF/web.xml endpoint allowing remote attackers to read particul...
Atlassian Jira 8.6.x < 8.13.6 Arbitrary File Read
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1. It is, therefore, affected by a path traversal vulnerability in the /WEB-INF/web.xml endpoint allowing remote attackers to read particul...
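The plugin descriptions above all reduce to one branch-aware check: a self-reported version is affected if it sits below the fix on its own release line, with every earlier line counted as unfixed, so a patched 8.5.x or 8.13.x must not be swept up by the next line's range. The following Python is an added example (not code from Nessus, Atlassian, or this index) that encodes the ranges exactly as the entries above state them. The three-component version format, the zero-padding of short versions, and the use of 8.6.0 / 8.14.0 / 8.18.0 as the lower bounds of the "8.6.x", "8.14.0" and "8.18.0" lines are assumptions. Because the input is self-reported, a match is a prompt to confirm the build, not proof of exposure.

```python
"""Branch-aware 'prior to' version check for the Jira ranges quoted above.

Added example: the ranges are copied from the entries on this page; the
parsing rules (up to three dotted integers, short forms padded with zeros)
are an assumption about the self-reported version string.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]
# (lower bound inclusive, or None for "any earlier version"; upper bound exclusive)
Range = Tuple[Optional[Version], Version]


def parse_version(text: str) -> Version:
    """'8.13.7' -> (8, 13, 7); '8.6' -> (8, 6, 0). Rejects anything else."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Jira version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def _r(low: Optional[str], high: str) -> Range:
    return (parse_version(low) if low else None, parse_version(high))


# "prior to 8.5.15, 8.6.x < 8.13.7, 8.14.0 < 8.17.1 or 8.18.0 < 8.18.1"
REVERSE_TABNABBING_PROJECT_SHORTCUTS: List[Range] = [
    _r(None, "8.5.15"), _r("8.6.0", "8.13.7"), _r("8.14.0", "8.17.1"), _r("8.18.0", "8.18.1"),
]
# "prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1"
ARBITRARY_FILE_READ_WEB_XML: List[Range] = [
    _r(None, "8.5.14"), _r("8.6.0", "8.13.6"), _r("8.14.0", "8.16.1"),
]
# "prior to 8.5.10 or 8.6.x prior to 8.13.1"
CSRF_AFTER_INFO_DISCLOSURE: List[Range] = [_r(None, "8.5.10"), _r("8.6.0", "8.13.1")]
# "prior to version 7.13.3 or 8.0.0 prior to 8.1.0"
CSRF_LOGGING_PROFILING: List[Range] = [_r(None, "7.13.3"), _r("8.0.0", "8.1.0")]


def is_affected(self_reported: str, ranges: List[Range]) -> bool:
    """True when the version sits inside any affected range.

    A version on a fixed maintenance line (8.5.16 after the 8.5.15 fix, or
    8.13.9 after the 8.13.7 fix) is not caught by the next line's range,
    because that range starts at its own lower bound. That is why the entries
    list the lines separately instead of a single "prior to 8.18.1".
    """
    v = parse_version(self_reported)
    return any((low is None or low <= v) and v < high for low, high in ranges)


def triage(self_reported: str) -> List[str]:
    """Names of the entries above whose ranges match one self-reported version."""
    catalogue = {
        "reverse tabnabbing via project shortcuts": REVERSE_TABNABBING_PROJECT_SHORTCUTS,
        "arbitrary file read (/WEB-INF/web.xml)": ARBITRARY_FILE_READ_WEB_XML,
        "CSRF following information disclosure": CSRF_AFTER_INFO_DISCLOSURE,
        "CSRF via logging and profiling": CSRF_LOGGING_PROFILING,
    }
    return [name for name, ranges in catalogue.items() if is_affected(self_reported, ranges)]


if __name__ == "__main__":
    # Constructed sample versions: one on each side of a fix boundary.
    for ver in ("8.5.14", "8.5.15", "8.13.9", "8.16.0", "8.18.0", "8.18.1"):
        print(ver, "->", triage(ver) or ["none of the listed entries"])
```

The check rejects anything that is not a plain dotted version (a build suffix, an empty banner) rather than silently treating it as old, so an unparseable self-report surfaces as an error to investigate instead of a false positive or a false negative.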
CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for...
Upgrade bundled Java to 8u292+
Currently our latest available Jira version includes AdoptOpenJDK 1.8.0_275, which does not include a fix for the following vulnerabilities: https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20 It affects AdoptOpenJDK up to 1.8.0_282, so we should bundle Jira with AdoptOpenJDK 1.8.0_2...
IDOR Disclosure of Private Project Titles
h3. Issue Summary Prerequisite: Make sure to edit the hosts file in Linux located at /etc/hosts/ adding an entry as jira.hack. Set up Jira and create a new user account, which can be achieved by navigating to User Management > Users > Create User and setting the Application Access to Jira-core. ...
CVE-2019-3403
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check...
jira.be-mobile.be XSS vulnerability
Open Bug Bounty ID: OBB-604386

| Description | Value |
|---|---|
| Affected Website: | jira.be-mobile.be |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
Filter Subscription emails should not be sent to deactivated users.
h3. Summary Email Filter Subscriptions are still sent after a user is marked as deactivated. h3. Steps to Reproduce 1. Create a user belonging to the jira-users group. 2. Deactivate the user. 3. Create a filter and subscribe the jira-users group to it. Filter used: issuekey in issueHistory ORDER BY lastViewed DESC...
Best Practices for Configuring JIRA Security
h5. Issue Summary Can documentation containing a collection of best practices for securing a JIRA instance be created, similar to this one|https://confluence.atlassian.com/doc/best-practices-for-configuring-confluence-security-216433533.html/?ga=2.68524696.801198909.1495105182-524443449.14914597...
Atlassian JIRA 7.2.x < 7.2.4 XSS
Binary data 9919.prm...
Add global option "Enable group <anyone>"
As mentioned in JRA-18076 and JRA-23255, the predefined group <anyone> poses security risks in many cases as it exposes projects to unauthenticated users. I tend to think that in 90% of Jira instances that group has no use and is just a security risk dangling over our heads. I would suggest an opti...