Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.x < 8.22.0 (JRASERVER-73594)

The version of Atlassian Jira installed on the remote host is prior to 8.13.18 / 8.14.x 8.20.6 / 8.21.x 8.22.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73594 advisory. - Affected versions of Atlassian Jira Server and Data Center allow attackers with...

Atlassian Jira < 8.13.23 / 8.20.0 < 8.20.11 / 8.21.0 < 9.0.0 (JRASERVER-73597)

The version of Atlassian Jira installed on the remote host is prior to 8.13.23 / 8.20.0 8.20.11 / 8.21.0 9.0.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73597 advisory. - Affected versions of Atlassian Jira Server and Data Center allow remote attackers with...

Admin user can change Base URL without WebSudo validation

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to change the Base URL of a Jira instance via a Broken Access Control vulnerability in the /rest/api/2/settings/baseUrl endpoint. The affected...