Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2021/09/15 1:19 a.m.43 views

Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

7.5CVSS6.5AI score0.01173EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/07 7:58 a.m.43 views

Sending an unauthenticated request to the Synchrony allows writing to the logs

h3. Issue Summary It is possible to write log entries via Synchrony API without authentication. h3. Steps to Reproduce To do this, you have to enter the target URL in Postman:, copy the GET or POST request and send the http request. For all POST requests, you must ensure that the content length...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/08/25 1:6 a.m.43 views

Issue watchers continue receiving updates even after their Jira account is revoked - CVE-2021-39119

h3. Summary Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are...

5.3CVSS5.3AI score0.00752EPSS
Exploits0
Atlassian
Atlassian
added 2021/05/06 8:2 a.m.43 views

Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

6.1CVSS5.8AI score0.04049EPSS
Exploits4
Atlassian
Atlassian
added 2021/03/24 2:0 p.m.43 views

jira.editor.user.mode cookie missing the secure attribute when Jira is configured with https - CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

4.3CVSS4.6AI score0.01232EPSS
Exploits0
Atlassian
Atlassian
added 2020/11/10 12:3 a.m.43 views

Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 6.13.18 6.14.0 ≤ version 7.4....

5.3CVSS5.8AI score0.99999EPSS
Exploits12
Atlassian
Atlassian
added 2020/08/18 4:57 p.m.43 views

Git submodules vulnerability in Sourcetree for Windows - CVE-2020-5260

There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...

9.3CVSS4.4AI score0.10047EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2020/04/08 3:24 a.m.43 views

XSS via Issue Navigator Basic Search - CVE-2019-20414

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in Issue Navigator Basic Search. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...

5.4CVSS4.4AI score0.01047EPSS
Exploits0
Atlassian
Atlassian
added 2020/04/08 3:0 a.m.43 views

CSRF on Wallboard endpoint - CVE-2019-20411

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery CSRF vulnerability. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...

4.3CVSS5.3AI score0.00651EPSS
Exploits0
Atlassian
Atlassian
added 2019/07/08 11:32 p.m.43 views

Upgrade Xstream to address CVE-2016-3674

The bundled version of XStream in Fisheye before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...

7.5CVSS1.6AI score0.08179EPSS
Exploits0
Atlassian
Atlassian
added 2019/04/02 5:50 a.m.43 views

Upgrade Tomcat to 8.5.38 to fix CVE-2019-0199

h3. Denial of service in Apache Tomcat CVE-2019-0199 A vulnerability was found in Apache Tomcat version from 9.0.0.M1 to 9.0.14 inclusive and 8.5.0 to 8.5.37 inclusive. The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams...

7.5CVSS2.8AI score0.72855EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/01/23 10:17 p.m.43 views

Command Injection via URI handling in Sourcetree for Windows - CVE-2018-20236

There was an command injection vulnerability in Sourcetree for Windows via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. h4. Affected versions: Versions of Sourcetree for Windows befo...

9.3CVSS4.6AI score0.0644EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/05/11 5:27 a.m.43 views

XSS in the issue collector through invalid values for a custom field - CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in t...

6.1CVSS3.6AI score0.37611EPSS
Exploits0
Atlassian
Atlassian
added 2018/03/08 4:18 a.m.43 views

Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...

9CVSS3.1AI score0.02822EPSS
Exploits1
Atlassian
Atlassian
added 2018/02/07 10:18 p.m.43 views

The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...

5.4CVSS1.5AI score0.00591EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/02/07 10:18 p.m.43 views

The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...

5.4CVSS1.5AI score0.00591EPSS
Exploits0
Atlassian
Atlassian
added 2017/05/23 4:7 a.m.43 views

Incorrect permission check for deployment projects (CVE-2017-8907)

Bamboo did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan...

8.8CVSS2.4AI score0.01638EPSS
Exploits1
Atlassian
Atlassian
added 2016/10/05 2:12 p.m.43 views

Oracle Security Patched DB Driver Not Working

+Issue Summary+ Following a recent security patch by Oracle for the ojdbc6.jar driver as fix for CVE-2016-3506. p23727132112040Generic.zip, available in Oracle Support download area, applying the patch to Confluence breaks Confluence with Confluence throwing: code Caused by: java.sql.SQLException...

8.1CVSS1.4AI score0.03542EPSS
Exploits0
Atlassian
Atlassian
added 2012/09/05 11:5 a.m.43 views

Provide HTTP headers for the content that absolutely must not be cached on the client

We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/07/31 7:10 a.m.42 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 9.4.0, 9.12.0, 9.15.0, 9.16.0, and 9.17.0 of Jira Software Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.2AI score0.04602EPSS
Exploits0
Atlassian
Atlassian
added 2024/07/11 7:10 a.m.42 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/06/07 4:11 a.m.42 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/05/23 6:45 a.m.42 views

Bundled JRE in Bitbucket 8.0+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919

h3. Issue Summary Bitbucket 8.0 and above till Bitbucket 8.5 bundles OpenJDK 8u322 and Bitbucket 8.6 and above till Bitbucket 8.15 bundles OpenJDK 11.0.21 which are vulnerable versions as per OpenJDK advisory|https://openjdk.org/groups/vulnerability/advisories/2024-01-16. The recommendation is to...

7.4CVSS7.2AI score0.00911EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/21 6:32 a.m.42 views

Gatekeeper Template Injection in Confluence Data Center

This High severity Gatekeeper Injection vulnerability was introduced in versions 7.1.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high...

7.4AI score
Exploits0
Atlassian
Atlassian
added 2024/02/19 5:51 a.m.42 views

Path Traversal in Confluence Data Center

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact...

8.8CVSS8.3AI score0.00926EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/22 2:45 a.m.43 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.5AI score0.02082EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/14 3:45 a.m.42 views

DoS (Denial of Service) json-java in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS6.7AI score0.01449EPSS
Exploits1
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.42 views

DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.7CVSS8AI score0.1158EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.42 views

DoS (Denial of Service) com.fasterxml.jackson.core in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS9.1AI score0.0486EPSS
Exploits1
Atlassian
Atlassian
added 2023/11/03 12:46 a.m.42 views

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

7.5CVSS7.2AI score0.05791EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/26 4:17 p.m.42 views

DoS (Denial of Service) org.eclipse.jetty:jetty-io in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.8CVSS6.6AI score0.53861EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/19 8:41 p.m.42 views

RCE (Remote Code Execution) in Bitbucket Data Center and Server - CVE-2022-1471

h2. Summary of Vulnerability Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE Remote Code Execution. i Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed...

9.8CVSS6.8AI score0.99615EPSS
Exploits7
Atlassian
Atlassian
added 2021/05/18 5:47 p.m.42 views

XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript: Affected versions: version 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

6.1CVSS5.8AI score0.01292EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/23 11:23 p.m.42 views

Username Enumeration through the render api resource - CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. Affected...

5.3CVSS5.3AI score0.01591EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/06 11:46 p.m.42 views

DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450

Affected versions of Atlassian Confluence Server allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the avatar upload feature in Confluence. The affected versions are before version 7.2.0. Affected versions: version 7.2.0 Fixed versions:...

6.5CVSS6.3AI score0.02214EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/10/14 3:41 a.m.42 views

Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. Affected...

5.3CVSS5.8AI score0.01866EPSS
Exploits0
Atlassian
Atlassian
added 2020/02/04 11:21 p.m.42 views

Information leak through broken access control in Jira Server and Data Center - CVE-2019-20407

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check...

4.3CVSS5.6AI score0.01198EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/12/17 4:10 a.m.42 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Crucible before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

4.3CVSS3.2AI score0.00915EPSS
Exploits0
Atlassian
Atlassian
added 2019/08/12 2:42 a.m.42 views

"Cookie Tossing" CSRF weakness against subdomains - CVE-2019-14998

The Webwork action Cross-Site Request Forgery CSRF protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance...

6.5CVSS5.9AI score0.01175EPSS
Exploits1
Atlassian
Atlassian
added 2019/08/09 3:42 a.m.42 views

Open redirect in the ChangeSharedFilterOwner resource - CVE-2019-11589

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery CSRF token, via a open redirect...

6.1CVSS5.4AI score0.01119EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/14 1:19 p.m.42 views

Vulnerable javascript library: jQuery

Good morning. It has been brought to my attention that jQuery library has a vulnerability. In jQuery version before 1.9.0b1 selector interpreted as HTML. This could lead to potential vulnerabilities https://bugs.jquery.com/ticket/11290. Solution: jQuery version 1.9.0b1 has been released to addres...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/07 12:32 a.m.42 views

CVE-2016-4319: /auditing/settings was vulnerable to CSRF

The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...

8.8CVSS1.3AI score0.00666EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/06/24 8:41 p.m.42 views

When JIRA project has a security scheme, the option "None" is not displayed in Crucible

h3. Summary Whenever a JIRA project has a Security Scheme defined, and a workflow transition has at least one required field, a window is opened in JIRA side so that the required field/s are selected. Among the fields displayed in this window there will be the "Security Level", in which the...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/10/27 7:37 p.m.42 views

Insecure Direct Object Reference

The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...

4.3CVSS5AI score0.61114EPSS
Exploits5
Atlassian
Atlassian
added 2015/08/18 4:53 a.m.42 views

CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection

We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...

6.5CVSS6.6AI score0.59312EPSS
Exploits7
Atlassian
Atlassian
added 2025/05/09 1:9 a.m.41 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.0.0-rc5, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS6.9AI score0.66933EPSS
Exploits5
Atlassian
Atlassian
added 2024/05/21 10:14 a.m.41 views

DoS (Denial of Service) com.google.code.gson:gson Dependency in Crucible Data Center and Server

This High severity com.google.code.gson:gson Dependency vulnerability was introduced in version 4.8.0 of Crucible Data Center and Server. This com.google.code.gson:gson Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.7CVSS6.8AI score0.1158EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/14 7:45 a.m.41 views

Request Smuggling org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in version 9.4.0 of Jira Software Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01448EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/05 7:33 p.m.41 views

RCE (Remote Code Execution) in Confluence Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.6AI score0.01565EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.41 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

5.9CVSS6.7AI score0.01854EPSS
Exploits0
Total number of security vulnerabilities4295