10 matches found
Elasticsearch 8.0.x < 8.13.3 / 7.17.21 (ESA-2024-25)
The version of Elasticsearch installed on the remote host is prior to 7.17.21 or 8.13.3. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-25 advisory. - An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception...
Elastic Defend Security Vulnerability
Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A security vulnerability exists in Elastic Defend 8.13.3 and prior versions, which stems from an...
Atlassian Jira < 8.13.3 Anonymous Whitelist Rules Leakage
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x prior to 8.14.1. It is, therefore, affected by a Broken Access Control vulnerability that allows anonymous remote attackers to view whitelist rules in the...
CVE-2019-20101
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist//check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1...
CVE-2019-20101
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist//check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1...
Atlassian Jira < 8.13.3 Broken Authentication
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.3 or 8.14.x prior to 8.14.1. It is, therefore, affected by a broken authentication vulnerability in the makeRequest gadget resource allowing remote attackers to evade...
Atlassian Jira < 8.13.3 / 8.14.x < 8.14.1 Broken Authentication (JRASERVER-72029)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a broken authentication vulnerability in the makeRequest gadget resource. An unauthenticated, remote attacker can exploit this issue to evade behind-the-firewall protection...
CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...
Atlassian JIRA < 8.5.11 / 8.6.x < 8.13.3 / 8.14.x < 8.14.1 Information Disclosure (JRASERVER-72000)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by an information disclosure vulnerability. A remote, authenticated attacker can exploit this to enumerate Jira projects in the Jira Projects plugin report page. Note that...
Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...