Jira Security Vulnerabilities - February 2020


CVE-2012-1500

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2020-02-13 05:15 PM

CVE-2019-20100

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version ...

CVSS: 4.7 | AI Score: 4.5 | EPSS: 0.001

2020-02-12 02:15 PM

CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001

2020-02-06 03:15 AM

CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

CVSS: 4.9 | AI Score: 5.1 | EPSS: 0.001

2020-02-06 03:15 AM