Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2023/11/10 1:44 a.m.45 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

5.9CVSS7.1AI score0.01854EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.45 views

jackson-databind Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.0486EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/04 7:45 p.m.45 views

hutool-json Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.01181EPSS
Exploits5
Atlassian
Atlassian
added 2023/09/18 9:26 p.m.45 views

FALSE POSITIVE - OpenSearch Vulnerability in Bitbucket Data Center and Server

Notice of FALSE POSITIVE After review, it has been determined that CVE-2022-41906 DOES NOT affect ANY version of Bitbucket Data Center or Bitbucket Server. We have updated our bulletin and Jira tickets to reflect this update. We have taken action to prevent this false-positive from appearing in o...

8.7CVSS8.2AI score0.00655EPSS
Exploits0
Atlassian
Atlassian
added 2023/08/17 12:0 a.m.45 views

Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This vulnerability, with CVSS Scores of 7.5, and CVSS Vectors of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to expose...

7.7CVSS8.5AI score0.1158EPSS
Exploits0
Atlassian
Atlassian
added 2023/01/19 9:37 a.m.45 views

HSTS configuration not working in confluence 8.0.2

h3. Issue Summary This is reproducible on Data Center: Yes h3. Steps to Reproduce Configure confluence on SSL Follow KB -...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2022/07/05 10:9 p.m.45 views

Crowd: Multiple Servlet Filter Vulnerabilities

Multiple Servlet Filter vulnerabilities have been fixed in Crowd Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...

9.8CVSS2.2AI score0.04244EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/04 12:8 a.m.45 views

Mobile web: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary The mobile web view in Confluence is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template functio...

7.2CVSS2AI score0.04087EPSS
Exploits2
Atlassian
Atlassian
added 2021/03/26 5:2 p.m.45 views

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...

10CVSS1.3AI score0.82715EPSS
Exploits14
Atlassian
Atlassian
added 2020/11/16 12:12 a.m.45 views

CSRF token theft through referrer headers - CVE-2021-39126

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery CSRF vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...

6.5CVSS5.2AI score0.00703EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/08/18 4:44 p.m.45 views

Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260

There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...

9.3CVSS3.6AI score0.10047EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2020/04/27 3:45 a.m.45 views

RCE in jackson-databind

h3. Issue Summary Jira Server used a vulnerable version of jackson-databind . In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330. Upgrade jackson-databind to at least version 2.9.10.20200103...

9.8CVSS1.2AI score0.0864EPSS
Exploits0
Atlassian
Atlassian
added 2019/12/17 3:24 a.m.45 views

Open redirect vulnerability in login.jsp - CVE-2019-20901

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...

6.1CVSS6.1AI score0.01183EPSS
Exploits0
Atlassian
Atlassian
added 2019/02/14 9:59 p.m.45 views

Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...

9.8CVSS4.3AI score0.34731EPSS
Exploits0
Atlassian
Atlassian
added 2019/01/23 10:56 p.m.45 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

9.8CVSS4.6AI score0.97356EPSS
Exploits12Affected Software1
Atlassian
Atlassian
added 2016/11/24 2:31 a.m.45 views

SSRF Team Calendars

The following endpoint has an SSRF that can be used to enumerate internal network resources that are not publicly exposed to the internet. noformat PUT /wiki/rest/calendar-services/1.0/calendar/subcalendars.json noformat PoC Using the "Team Calendar" macro, select the "Subscribe by URL" option...

Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 3:28 p.m.45 views

Grant "Browse Project" permission to "Current Assignee" makes project visible to all users

h3. Summary This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950 When the Current Assignee is given the Browse Project Permission, other users are able to view this Project. They can't necessarily view issues or create issues, but they can see the project from the...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/05 11:5 a.m.45 views

Provide HTTP headers for the content that absolutely must not be cached on the client

We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/15 4:25 p.m.45 views

XSS in RSS feed creation

URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...

6.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/04/04 7:12 a.m.44 views

XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server

This High severity XXE XML External Entity Injection org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability was introduced in versions 8.5 of Confluence Data Center and Server. This org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

9.8CVSS6.9AI score0.17044EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/25 2:22 p.m.44 views

org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819

h3. Issue Summary org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819|https://spring.io/security/cve-2024-38819 This is reproducible on Data Center: Yes h3. Steps to Reproduce N/A h3. Expected Results NA h3. Actual Results NA h3. Workaround...

6.9AI score0.54862EPSS
Exploits6Affected Software1
Atlassian
Atlassian
added 2024/04/12 1:11 a.m.44 views

org.springframework.security:spring-security-core Dependency in Bamboo Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, wi...

8.2CVSS6.7AI score0.00948EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:53 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.10379EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/09 1:52 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.20929EPSS
Exploits2
Atlassian
Atlassian
added 2024/04/09 1:50 a.m.44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS6.5AI score0.07963EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.44 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.1AI score0.01009EPSS
Exploits1
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.44 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server

This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...

7.5CVSS7.3AI score0.01048EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/09 5:46 a.m.44 views

DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server

This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.00682EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/10 7:45 a.m.44 views

DoS (Denial of Service) com.squareup.okio:okio-jvm Dependency in Confluence Data Center and Server

This High severity com.squareup.okio:okio-jvm Dependency vulnerability was introduced in versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This com.squareup.okio:okio-jvm Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

7.5CVSS7.1AI score0.01077EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.44 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS8.1AI score0.02656EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/26 4:16 p.m.44 views

Info Disclosure org.eclipse.jetty:jetty-util in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS9.3AI score0.05795EPSS
Exploits0
Atlassian
Atlassian
added 2023/09/12 7:14 p.m.44 views

RCE (Remote Code Execution) in Bitbucket Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.3AI score0.14329EPSS
Exploits0
Atlassian
Atlassian
added 2023/06/27 4:19 p.m.44 views

RCE (Remote Code Execution) in Confluence Data Center & Server

This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...

8.8CVSS9.3AI score0.02073EPSS
Exploits0
Atlassian
Atlassian
added 2023/02/22 2:38 a.m.44 views

Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...

5.3CVSS5.3AI score0.00792EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/15 1:19 a.m.44 views

Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...

5.3CVSS5.8AI score0.00804EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/09/01 11:49 p.m.44 views

Replay attack via the CSRF failure retry form - CVE-2021-39124

The Cross-Site Request Forgery CSRF failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. Affected versions: version 8.16.0 Fixed...

4.3CVSS6.1AI score0.00528EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/07 5:7 p.m.44 views

RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...

10CVSS5.3AI score0.82715EPSS
Exploits14
Atlassian
Atlassian
added 2020/10/28 5:45 p.m.44 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

7.5CVSS6AI score0.01245EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.44 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/02 6:19 a.m.44 views

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...

4.3CVSS4.7AI score0.0075EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/02 5:55 a.m.44 views

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...

4.3CVSS4.7AI score0.0075EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/02/27 9:43 a.m.44 views

OkHttp Certificate Pinning Vulnerability CVE-2016-2402

h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...

5.9CVSS0.2AI score0.02249EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/12/10 2:16 a.m.44 views

XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...

6.1CVSS4.3AI score0.00739EPSS
Exploits0
Atlassian
Atlassian
added 2019/09/05 4:14 a.m.44 views

Argument Injection - CVE-2019-15000

Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...

9.8CVSS3.1AI score0.07786EPSS
Exploits0
Atlassian
Atlassian
added 2019/09/05 4:14 a.m.44 views

Argument Injection - CVE-2019-15000

Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...

9.8CVSS3.1AI score0.07786EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/07/09 2:47 a.m.44 views

Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used

The version of the Atlassian Application links plugin used in Crucible before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...

10CVSS3.2AI score0.10458EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/02/07 10:18 p.m.44 views

The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...

5.4CVSS1.5AI score0.00591EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/15 3:57 p.m.44 views

Privilege escalation: User is able to add a page to his watchlist without having the permission

Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/04/09 1:51 a.m.43 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.06278EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/07 2:45 p.m.43 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

7.5CVSS9.5AI score0.02082EPSS
Exploits0
Total number of security vulnerabilities4295