Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2025/05/09 1:9 a.m.41 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.0.0-rc5, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS6.9AI score0.66933EPSS
Exploits5
Atlassian
Atlassian
added 2023/12/14 7:45 a.m.41 views

Request Smuggling org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in version 9.4.0 of Jira Software Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01448EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/05 7:33 p.m.41 views

RCE (Remote Code Execution) in Confluence Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.6AI score0.01565EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.41 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

5.9CVSS6.7AI score0.01854EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/03 12:46 a.m.41 views

SSRF org.apache.xmlgraphics in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

7.5CVSS7.3AI score0.02143EPSS
Exploits0
Atlassian
Atlassian
added 2021/10/25 1:13 a.m.41 views

Reflected XSS /secure/admin/ImporterFinishedPage.jspa via error message - CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from...

6.1CVSS5AI score0.00848EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/26 5:0 p.m.41 views

RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...

10CVSS4.6AI score0.82715EPSS
Exploits14Affected Software1
Atlassian
Atlassian
added 2021/01/20 1:40 a.m.41 views

Board metadata is viewable without permissions via IDOR - CVE-2020-36231

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References IDOR vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. ...

4.3CVSS5AI score0.012EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/08 9:14 p.m.41 views

REST API - Deactivate the REST API

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is active by default and there is no way to deactivate. It should have a similar option like the Enabling the Remote...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/03/23 1:50 a.m.41 views

DoS through Jira Gadget API - CVE-2019-20899

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. Affected versions: version 8.5.4 8.6.0 Fixed versions: This is fixed in versions 8.5.4, 8.6.1 and 8.7.0...

5.3CVSS5.2AI score0.02139EPSS
Exploits0
Atlassian
Atlassian
added 2019/08/12 2:48 a.m.41 views

User enumeration through the groupuserpicker api resource - CVE-2019-8449

h3. Issue summary The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. h3. Workaround If upgrading Jira to 8.4.0 is not an option for now, then a temporary workaround consists in...

5.3CVSS5.2AI score0.84771EPSS
Exploits8
Atlassian
Atlassian
added 2019/07/09 2:33 a.m.41 views

Update the bundled version of OWASP AntiSamy to address issues

The bundled version of OWASP AntiSamy in Crucible before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...

6.1CVSS2.3AI score0.02039EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/01/23 10:43 p.m.41 views

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for macOS via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for macOS is able to able to exploit this issue to gain code execution on the system. h4. Affected version...

9.8CVSS3.7AI score0.97356EPSS
Exploits12
Atlassian
Atlassian
added 2018/05/11 5:57 a.m.41 views

Denial of service through the ForgotLoginDetails resource - CVE-2018-5231

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it...

7.5CVSS5.2AI score0.02843EPSS
Exploits0
Atlassian
Atlassian
added 2017/12/18 2:40 a.m.41 views

XSS through the jqlQuery query parameter to the printable searchrequest issue resource - CVE-2017-14594

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the jqlQuery query parameter...

6.1CVSS5.7AI score0.01039EPSS
Exploits0
Atlassian
Atlassian
added 2017/08/30 2:12 a.m.41 views

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...

6.1CVSS2AI score0.71601EPSS
Exploits1
Atlassian
Atlassian
added 2016/07/31 11:34 p.m.41 views

Upgrade bundled Java to 8u101+

Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect Confluence...

8.1CVSS2.8AI score0.00509EPSS
Exploits0
Atlassian
Atlassian
added 2016/02/19 12:4 a.m.41 views

Upgrade Tomcat to the latest 8.0.x release

h3. Summary We are currently on 8.0.17 and have already been bitten by a bug in it: https://bz.apache.org/bugzilla/showbug.cgi?id=57476 We should upgrade to the latest to get the latest bugfixes. Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager...

8.8CVSS7.2AI score0.1838EPSS
Exploits0
Atlassian
Atlassian
added 2014/05/30 3:39 a.m.41 views

Remove url parameter support for os_username, os_password

Putting credentials in request parameters is likely to lead to those credentials being logged in access logs. h4. Workaround The following workaround is available in Jira 8.0.0 and higher versions. If you wish to prevent users from authenticating using url parameters, specifying their username &...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/30 3:39 a.m.41 views

Remove url parameter support for os_username, os_password

Putting credentials in request parameters is likely to lead to those credentials being logged in access logs. h4. Workaround The following workaround is available in Jira 8.0.0 and higher versions. If you wish to prevent users from authenticating using url parameters, specifying their username &...

3.2AI score
Exploits0
Atlassian
Atlassian
added 2014/05/24 4:42 a.m.41 views

CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2

Crowd 2.7.2 is shipped with Tomcat 7.0.42, which is susceptible to CVE-2013-4590|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4590 h3.Workaround Deploy Crowd WAR instead, with Tomcat 7.0.50 or above. Instructions here:...

4.3CVSS0.2AI score0.09487EPSS
Exploits1
Atlassian
Atlassian
added 2014/02/25 3:59 a.m.41 views

Velocity XSS in $space.name

I got the following email from Ulrich Kuhnhardt quote While we were doing some testing with XSS for the shiny new Publishing plugin we found that the velocity renderer does not escape $space.name To reproduce Create a space with name 'alert'bang'css' Create a user macro ’simple-space-name' in...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/26 9:6 a.m.41 views

View Content Permission Set not Complete.

The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permisisons have been attached to a Page. 1 Create a new page 2 Assign a View restriction for 1 group 3 Assign View...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/07 3:37 p.m.41 views

EPIC FAIL: new user signups result in plain text email with all login details

After signing up to a JIRA instance, I got an email which simply amazed me - it contained: My username My email address My full name My password It was all there, right before me, in a plain-text unencrypted email sent across a public network. WTF?! I'm not sure which universe that's considered a...

Exploits0Affected Software1
Atlassian
Atlassian
added 2008/04/08 9:34 a.m.41 views

It's possible to browse project names when using Issue Security Scheme.

A customer user is set up and only allowed to see "External" issues. - The user is added as project role "Customers" in project "X". - The project got Issue Security Scheme "Customers". Internal / External When logging in as the customer user, you can only see the External issues within this...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.40 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819

This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...

7.5CVSS6.8AI score0.54862EPSS
Exploits6
Atlassian
Atlassian
added 2024/10/08 10:25 p.m.40 views

Bundled JRE Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.0, 8.19.0, and 9.2.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to expose assets in your environment susceptible...

7.4CVSS6.9AI score0.01136EPSS
Exploits0
Atlassian
Atlassian
added 2024/08/22 7:11 a.m.40 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 9.2.1, 9.5.0, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.04602EPSS
Exploits0
Atlassian
Atlassian
added 2024/07/03 8:30 a.m.40 views

DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server

This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.10901EPSS
Exploits0
Atlassian
Atlassian
added 2024/07/03 8:30 a.m.40 views

DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server

This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.4AI score0.12697EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/04 5:45 a.m.40 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Confluence Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 5.6 of Confluence Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS7.6AI score0.0082EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/06 4:53 a.m.40 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a...

7.5CVSS7.2AI score0.01772EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.40 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Confluence Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 4.1 of Confluence Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS8.6AI score0.01772EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/09 5:45 a.m.40 views

Request Smuggling org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5...

7.5CVSS6.7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/08 8:45 p.m.40 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.01707EPSS
Exploits1
Atlassian
Atlassian
added 2023/12/14 2:45 p.m.40 views

RCE (Remote Code Execution) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server

This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in versions 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...

9.3CVSS7.2AI score0.85001EPSS
Exploits7
Atlassian
Atlassian
added 2023/12/14 2:45 p.m.40 views

DoS (Denial of Service) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server

This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in versions 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.8AI score0.04928EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/14 7:45 a.m.41 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/03 12:46 a.m.40 views

XSS org.apache.xmlgraphics:batik-script in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

7.5CVSS7.3AI score0.0232EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.40 views

Woodstox Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.7AI score0.19653EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.40 views

jackson-databind Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.8AI score0.01124EPSS
Exploits1
Atlassian
Atlassian
added 2023/03/15 2:40 p.m.40 views

JavaScript Code with variable containing underscore does not work

h3. Issue Summary JavaScript Code with a variable containing an underscore does not work in Page Template HTML macro 3rd Party Plugin Script Runner h3. Steps to Reproduce Sample code block: code:java $test $test1 $"inputname='variableValues.test'".changefunction console.log$this.val;...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2021/10/13 6:33 a.m.40 views

Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313

Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20....

4.3CVSS6.8AI score0.00842EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/15 1:19 a.m.40 views

Stored XSS on /secure/admin/AssociatedProjectsForCustomField.jspa - CVE-2021-41310

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Associated Projects feature /secure/admin/AssociatedProjectsForCustomField.jspa. The affected versions are before...

6.1CVSS4.5AI score0.00692EPSS
Exploits0
Atlassian
Atlassian
added 2021/07/09 1:38 p.m.40 views

Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting SXSS vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page. This bug was introduced in version 8.15.0, and i...

4.8CVSS4.8AI score0.00635EPSS
Exploits0
Atlassian
Atlassian
added 2021/06/14 8:11 p.m.40 views

Upgrade bundled Java to 8u292+

Currently our latest available Jira version includes AdoptOpenJDK 1.8.0275, which does not include a fix for the following vulnerabilities: https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20 It affects AdoptOpenJDK up to 1.8.0282, so we should bundle Jira with AdoptOpenJDK 1.8.02...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/05/19 12:21 a.m.40 views

Reverse tabnapping via Project Shortcuts feature - CVE-2021-39112

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0...

4.9CVSS5.2AI score0.0073EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/17 9:41 p.m.40 views

CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...

3.5CVSS5.1AI score0.0049EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/21 6:34 p.m.40 views

XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version...

6.1CVSS5.6AI score0.01274EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/21 5:58 p.m.40 views

Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...

5.3CVSS5.6AI score0.23086EPSS
Exploits0
Total number of security vulnerabilities4295