Lucene search
K

47 matches found

vulnrichment
vulnrichment
added 2021/04/14 11:45 p.m.17 views

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

6.1AI score0.0161EPSS
Exploits0References1
prion
prion
added 2021/04/01 3:15 a.m.23 views

Cross site request forgery (csrf)

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...

3.5CVSS4AI score0.0049EPSS
Exploits0References1Affected Software4
nvd
nvd
added 2021/03/22 5:15 a.m.27 views

CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...

7.2CVSS0.01955EPSS
Exploits0References1
nessus
nessus
added 2021/02/04 12:0 a.m.30 views

Atlassian JIRA < 8.5.10 / 8.6.x < 8.13.2 Information Disclosure (JRASERVER-72002)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by an information disclosure vulnerability in its boards component due to missing permission checks. An authenticated, remote attacker can exploit this, to enumerate board...

4.3CVSS5.3AI score0.012EPSS
Exploits0References2
atlassian
atlassian
added 2021/01/27 4:1 a.m.85 views

Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...

7.2CVSS6.3AI score0.01955EPSS
Exploits0Affected Software1
atlassian
atlassian
added 2020/10/11 11:20 p.m.25 views

Security improvements to the Velocity Uberspector

This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution RCE and Injection attacks. The versions which do not have this improvement are before version 8.12.3...

6.3AI score
Exploits0
osv
osv
added 2018/11/28 5:29 p.m.18 views

UBUNTU-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

7.5CVSS6.8AI score0.41288EPSS
Exploits0References4
Rows per page
Query Builder