Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2020/04/27 3:45 a.m.45 views

RCE in jackson-databind

h3. Issue Summary Jira Server used a vulnerable version of jackson-databind . In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330. Upgrade jackson-databind to at least version 2.9.10.20200103...

9.8CVSS1.2AI score0.0864EPSS
Exploits0
Atlassian
Atlassian
added 2019/04/29 3:50 a.m.45 views

Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

7.5CVSS7.3AI score0.59832EPSS
Exploits1
Atlassian
Atlassian
added 2019/02/14 9:59 p.m.45 views

Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...

9.8CVSS4.3AI score0.34731EPSS
Exploits0
Atlassian
Atlassian
added 2019/01/23 10:56 p.m.45 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

9.8CVSS4.6AI score0.97356EPSS
Exploits12Affected Software1
Atlassian
Atlassian
added 2017/08/17 6:8 a.m.45 views

XSS in User Macros Description Field

We received external report about XSS in User Macros Field: quote The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector. quote Steps to reproduce: 1 Go to http://localhost:8090/admin/usermacros.action...

4.8CVSS0.7AI score0.00612EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/24 2:31 a.m.45 views

SSRF Team Calendars

The following endpoint has an SSRF that can be used to enumerate internal network resources that are not publicly exposed to the internet. noformat PUT /wiki/rest/calendar-services/1.0/calendar/subcalendars.json noformat PoC Using the "Team Calendar" macro, select the "Subscribe by URL" option...

Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/28 4:54 a.m.45 views

Upgrade bundled Java to 8u101+

Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect JIRA...

8.1CVSS2.7AI score0.00509EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/08 7:34 a.m.45 views

Applink configuration data is exposed anonymously

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-38225. panel If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs a...

7.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/04/04 7:12 a.m.44 views

XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server

This High severity XXE XML External Entity Injection org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability was introduced in versions 8.5 of Confluence Data Center and Server. This org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

9.8CVSS6.9AI score0.17044EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/25 2:22 p.m.44 views

org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819

h3. Issue Summary org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819|https://spring.io/security/cve-2024-38819 This is reproducible on Data Center: Yes h3. Steps to Reproduce N/A h3. Expected Results NA h3. Actual Results NA h3. Workaround...

6.9AI score0.54862EPSS
Exploits6Affected Software1
Atlassian
Atlassian
added 2024/04/12 1:11 a.m.44 views

org.springframework.security:spring-security-core Dependency in Bamboo Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, wi...

8.2CVSS6.7AI score0.00948EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:53 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.10379EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/09 1:52 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.20929EPSS
Exploits2
Atlassian
Atlassian
added 2024/04/09 1:50 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS6.5AI score0.07963EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.44 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.1AI score0.01009EPSS
Exploits1
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.44 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server

This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...

7.5CVSS7.3AI score0.01048EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/09 5:46 a.m.44 views

DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server

This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.00682EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/10 7:45 a.m.44 views

DoS (Denial of Service) com.squareup.okio:okio-jvm Dependency in Confluence Data Center and Server

This High severity com.squareup.okio:okio-jvm Dependency vulnerability was introduced in versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This com.squareup.okio:okio-jvm Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

7.5CVSS7.1AI score0.01077EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.44 views

jackson-databind Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.0486EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.44 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS8.1AI score0.02656EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/26 4:16 p.m.44 views

Info Disclosure org.eclipse.jetty:jetty-util in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS9.3AI score0.05795EPSS
Exploits0
Atlassian
Atlassian
added 2023/09/12 7:14 p.m.44 views

RCE (Remote Code Execution) in Bitbucket Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.3AI score0.14329EPSS
Exploits0
Atlassian
Atlassian
added 2023/06/27 4:19 p.m.44 views

RCE (Remote Code Execution) in Confluence Data Center & Server

This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...

8.8CVSS9.3AI score0.02073EPSS
Exploits0
Atlassian
Atlassian
added 2023/02/22 2:38 a.m.44 views

Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...

5.3CVSS5.3AI score0.00792EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/15 1:19 a.m.44 views

Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...

5.3CVSS5.8AI score0.00804EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/07 5:7 p.m.44 views

RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...

10CVSS5.3AI score0.82715EPSS
Exploits14
Atlassian
Atlassian
added 2020/10/28 5:45 p.m.44 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

7.5CVSS6AI score0.01245EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.44 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/02 6:19 a.m.44 views

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...

4.3CVSS4.7AI score0.0075EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/02 5:55 a.m.44 views

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...

4.3CVSS4.7AI score0.0075EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/02/27 9:43 a.m.44 views

OkHttp Certificate Pinning Vulnerability CVE-2016-2402

h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...

5.9CVSS0.2AI score0.02249EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/12/17 3:24 a.m.44 views

Open redirect vulnerability in login.jsp - CVE-2019-20901

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...

6.1CVSS6.1AI score0.01183EPSS
Exploits0
Atlassian
Atlassian
added 2019/12/10 2:16 a.m.44 views

XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...

6.1CVSS4.3AI score0.00739EPSS
Exploits0
Atlassian
Atlassian
added 2019/09/05 4:14 a.m.44 views

Argument Injection - CVE-2019-15000

Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...

9.8CVSS3.1AI score0.07786EPSS
Exploits0
Atlassian
Atlassian
added 2019/07/09 2:47 a.m.44 views

Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used

The version of the Atlassian Application links plugin used in Crucible before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...

10CVSS3.2AI score0.10458EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/02/04 2:52 a.m.44 views

Update Java version bundled found in the installer to a version >= 1.8u71

Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...

10CVSS2.1AI score0.14714EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 3:28 p.m.44 views

Grant "Browse Project" permission to "Current Assignee" makes project visible to all users

h3. Summary This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950 When the Current Assignee is given the Browse Project Permission, other users are able to view this Project. They can't necessarily view issues or create issues, but they can see the project from the...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/15 4:25 p.m.44 views

XSS in RSS feed creation

URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...

6.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/15 3:57 p.m.44 views

Privilege escalation: User is able to add a page to his watchlist without having the permission

Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/04/09 1:51 a.m.43 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.06278EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/07 2:45 p.m.43 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

7.5CVSS9.5AI score0.02082EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/27 1:0 p.m.43 views

Login form doesn't get disabled when option is disabled from authentication methods

h3. Issue Summary When we remove the option to authenticate with username and password from the login form we could still use basic authentication to login. This is reproducible on Data Center: Yes h3. Steps to Reproduce Step-1. Remove the option to authenticate with username and password from th...

7.5AI score
Exploits0
Atlassian
Atlassian
added 2024/02/12 3:45 a.m.43 views

com.google.guava:guava Dependency in Jira Service Management Data Center and Server

This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.20.0, 4.22.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, 5.12.0, and 5.13.0 of Jira Service Management Data Center and Server. This com.google.guava:guava...

7.1CVSS6.8AI score0.00248EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/08 8:45 p.m.43 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01762EPSS
Exploits1
Atlassian
Atlassian
added 2023/12/05 4:45 a.m.43 views

DoS (Denial of Service) okio in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability is included in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, and 8.14.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01077EPSS
Exploits1
Atlassian
Atlassian
added 2023/12/03 11:55 p.m.43 views

Upgrade Tomcat to fix CVE-2023-46589

h3. Issue Summary Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a newer version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589 Jira 9.0.x to 9.12 currently come bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently come bundled with ...

7.5CVSS7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/15 1:19 a.m.43 views

Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

7.5CVSS6.5AI score0.01173EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/07 7:58 a.m.43 views

Sending an unauthenticated request to the Synchrony allows writing to the logs

h3. Issue Summary It is possible to write log entries via Synchrony API without authentication. h3. Steps to Reproduce To do this, you have to enter the target URL in Postman:, copy the GET or POST request and send the http request. For all POST requests, you must ensure that the content length...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/09/01 11:49 p.m.43 views

Replay attack via the CSRF failure retry form - CVE-2021-39124

The Cross-Site Request Forgery CSRF failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. Affected versions: version 8.16.0 Fixed...

4.3CVSS6.1AI score0.00528EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/08/25 1:6 a.m.43 views

Issue watchers continue receiving updates even after their Jira account is revoked - CVE-2021-39119

h3. Summary Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are...

5.3CVSS5.3AI score0.00752EPSS
Exploits0
Total number of security vulnerabilities4295