Search: Atlassian Data Center

38 matches found

added 2020/09/17 12:35 a.m.

CVE-2020-14181

CVE-2020-14181 affects Atlassian Jira Server/Data Center and enables an unauthenticated user to enumerate users via the /ViewUserHover.jspa endpoint due to an information disclosure flaw. Affected versions are: < 7.13.16, 8.0.0–<8.5.7, and 8.6.0–

CVSS 5.3 · AI score 5.3 · EPSS 0.99603
Tags: In wild, Web

added 2021/05/12 3:30 a.m.

CVE-2020-36289

Atlassian Jira Server and Data Center is affected by an unauthenticated information-disclosure via the QueryComponentRendererValue!Default.jspa endpoint. Affected versions are before 8.5.13; from 8.6.0 before 8.13.5; and from 8.14.0 before 8.15.1. An unauthenticated attacker can enumerate users a...

CVSS 5.3 · AI score 5 · EPSS 0.99209
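
The affected ranges in these summaries are per release branch ("before 8.5.13; from 8.6.0 before 8.13.5; from 8.14.0 before 8.15.1"), so a plain "version < 8.15.1" test gets 8.5.13 and 8.13.5 wrong: both are fixed builds that sit below the last upper bound. The checker below is an added example, not code from this listing's site or from Atlassian. It encodes the ranges exactly as the summaries on this page state them, only for entries whose ranges are shown in full, and the version strings it is run against are constructed.

```python
"""Check a Jira Server/Data Center version string against per-branch affected ranges.

Added example. Ranges are copied from the CVE summaries on this page (only entries
whose ranges are shown in full there). Each range is (from_inclusive or None,
before_exclusive), mirroring the "from X before Y" wording of the summaries.
"""
import re

AFFECTED = {
    "CVE-2020-36289": [(None, "8.5.13"), ("8.6.0", "8.13.5"), ("8.14.0", "8.15.1")],
    "CVE-2021-26078": [(None, "8.5.14"), ("8.6.0", "8.13.6"), ("8.14.0", "8.16.1")],
    "CVE-2021-26069": [(None, "8.5.11"), ("8.6.0", "8.13.3"), ("8.14.0", "8.15.0")],
    "CVE-2021-26081": [(None, "8.5.14"), ("8.6.0", "8.13.6"), ("8.14.0", "8.16.1")],
    "CVE-2021-26082": [(None, "8.5.14"), ("8.6.0", "8.13.6"), ("8.14.0", "8.17.0")],
    "CVE-2021-26079": [(None, "8.5.15"), ("8.6.0", "8.13.7"), ("8.14.0", "8.17.0")],
    "CVE-2021-39112": [(None, "8.5.15"), ("8.6.0", "8.13.7"), ("8.14.0", "8.17.1"), ("8.18.0", "8.18.1")],
    "CVE-2020-36288": [(None, "8.5.12"), ("8.6.0", "8.13.4"), ("8.14.0", "8.15.1")],
    "CVE-2021-43947": [(None, "8.13.15"), ("8.14.0", "8.20.3")],
    "CVE-2021-43953": [(None, "8.13.16"), ("8.14.0", "8.20.5")],
    "CVE-2021-39123": [(None, "8.16.0")],
    "CVE-2021-39124": [(None, "8.16.0")],
    "CVE-2021-39117": [(None, "8.18.0")],
    "CVE-2017-18113": [(None, "8.18.1")],
    "CVE-2021-39118": [(None, "8.19.0")],
    "CVE-2021-39119": [(None, "8.19.0")],
    "CVE-2021-41312": [(None, "8.19.1")],
}


def parse_version(text):
    """'8.13.5' -> (8, 13, 5); '8.13' -> (8, 13, 0); '8.13.5-rc1' -> (8, 13, 5).

    Only the first three numeric components are compared; anything else in the
    string (build tags, suffixes) is ignored. Strings with no digits are rejected.
    """
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    if not parts:
        raise ValueError(f"not a version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def in_range(version, lower, upper):
    """True if lower <= version < upper; lower=None means no lower bound."""
    v = parse_version(version)
    if lower is not None and v < parse_version(lower):
        return False
    return v < parse_version(upper)


def affected_by(version, ranges):
    """True if the version falls inside any of the branch ranges for one CVE."""
    return any(in_range(version, lo, hi) for lo, hi in ranges)


def affecting_cves(version, table=AFFECTED):
    """Sorted CVE IDs from the table whose ranges contain the given version."""
    return sorted(cve for cve, ranges in table.items() if affected_by(version, ranges))


if __name__ == "__main__":
    # Constructed inputs: a 7.x build, the two fixed builds that a naive "< 8.15.1"
    # test would misclassify, the first vulnerable build of each later branch, and
    # a build above every upper bound in the table.
    for v in ("7.13.18", "8.5.13", "8.6.0", "8.13.5", "8.18.0", "8.20.5"):
        print(v, affecting_cves(v))
```

Entries whose ranges are cut off in this listing (for example CVE-2020-14181 and CVE-2021-41304) are deliberately left out of the table rather than guessed; add them from the full advisory before relying on the result.
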
added 2021/06/07 10:25 p.m.

CVE-2021-26078

CVE-2021-26078 affects Jira Server and Jira Data Center: the number range searcher component is vulnerable to cross-site scripting (XSS) in versions before 8.5.14, 8.6.x before 8.13.6, and 8.14.0 before 8.16.1. An unauthenticated, remote attacker can inject arbitrary HTML/JavaScript via crafted i...

CVSS 6.1 · AI score 5.9 · EPSS 0.03841

added 2021/04/09 2:00 a.m.

CVE-2020-36287

CVE-2020-36287 affects Atlassian Jira Server/Data Center through the dashboard gadgets preference resource of the Atlassian gadgets plugin. The root cause is a missing permissions check, enabling remote anonymous access to gadget-related settings. Affected versions: Jira Server prior to ...

CVSS 5.3 · AI score 5 · EPSS 0.08951
Tags: Web

added 2021/09/01 10:50 p.m.

CVE-2021-39119

CVE-2021-39119 affects Atlassian Jira Server and Data Center prior to 8.19.0. The vulnerability is a Broken Access Control in the issue notification feature that allows users who have watched an issue to receive updates even after their Jira account is revoked. Affected versions are before 8.19.0...

CVSS 5.3 · AI score 5.2 · EPSS 0.00752

added 2021/03/22 4:40 a.m.

CVE-2021-26070

CVE-2021-26070 affects Atlassian Jira Server and Data Center. The vulnerability is a Broken Authentication issue in the makeRequest gadget resource that allows remote attackers to evade behind-the-firewall protections for app-linked resources. Affected versions are before 8.13.3 and 8.14.0 before...

CVSS 7.2 · AI score 6.9 · EPSS 0.01955

added 2021/03/22 4:50 a.m.

CVE-2021-26069

CVE-2021-26069 affects Atlassian Jira Server/Data Center via an information-disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations endpoint. Affected versions are before 8.5.11, 8.6.0 before 8.13.3, and 8.14.0 before 8.15.0, allowing unauthenticated remote attackers to dow...

CVSS 5.3 · AI score 5.3 · EPSS 0.02508
Tags: Web

added 2022/01/06 1:05 a.m.

CVE-2021-43947

CVE-2021-43947 affects Atlassian Jira Server/Data Center: remote code execution via Email Templates, exploitable by an administrator. Affected versions are before 8.13.15 and 8.14.x before 8.20.3; remediation is to upgrade to 8.20.3 or later. The issue bypasses the JSDSERVER-8665 fix.

CVSS 9 · AI score 7.4 · EPSS 0.04117

added 2021/07/20 3:25 a.m.

CVE-2021-26081

CVE-2021-26081 affects Atlassian Jira Server/Data Center: REST API /rest/api/latest/user/avatar/temporary allows remote username enumeration in affected builds (before 8.5.14; 8.6.x before 8.13.6; 8.14.x before 8.16.1). Public reports confirm the vulnerability exists in these versions, with the i...

CVSS 5.3 · AI score 5.2 · EPSS 0.01184

added 2022/02/15 2:40 a.m.

CVE-2021-43953

CVE-2021-43953 affects Atlassian Jira Server/Data Center. A CSRF vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint allows unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings. Affected versions are before 8.13.16 and 8.14.x before 8.20.5....

CVSS 4.3 · AI score 4.7 · EPSS 0.00469

added 2021/08/02 2:35 a.m.

CVE-2017-18113

CVE-2017-18113 affects Jira Server/Data Center prior to 8.18.1, where the DefaultOSWorkflowConfigurator can be manipulated via crafted workflows to trigger Remote Code Execution (RCE). The underlying issue involves unsafe OSWorkflow classes being used in workflows, allowing an attacker t...

CVSS 8.8 · AI score 9.1 · EPSS 0.01802

added 2021/02/18 3:09 p.m.

CVE-2020-29453

CVE-2020-29453 affects Jira Server/Data Center: CachingResourceDownloadRewriteRule allows unauthenticated remote readers to access arbitrary files in WEB-INF and META-INF due to an incorrect path check. Products/versions implicated (per initial sources): before 8.5.11, 8.6.x before 8.13.3, and 8....

CVSS 5.3 · AI score 5.4 · EPSS 0.23086

added 2021/02/15 12:00 a.m.

CVE-2020-36234

CVE-2020-36234: Atlassian Jira Server/Data Center XSS in Screens Modal view affects Jira versions prior to 8.5.11, 8.6.x before 8.13.3, and 8.14.x before 8.15.0. Root cause is insufficient input validation in the Screens Modal UI, enabling remote attackers to inject arbitrary HTML/JavaScript. Imp...

CVSS 4.8 · AI score 5.3 · EPSS 0.01015

added 2022/02/28 12:20 a.m.

CVE-2021-43945

CVE-2021-43945: Atlassian Jira Server/Data Center is affected by a Stored XSS in the /rest/jpo/1.0/hierarchyConfiguration endpoint. Remote attackers with Roadmaps Administrator permissions can inject arbitrary HTML/JavaScript through this SXSS. Affected versions are before 8.20.3; fixed...

CVSS 4.8 · AI score 4.9 · EPSS 0.00566

added 2021/02/15 12:45 a.m.

CVE-2020-29451

CVE-2020-29451 maps to an information-disclosure vulnerability in Atlassian Jira Server/Data Center, affecting the Jira Projects plugin report page. The vulnerability allows a remote attacker to enumerate Jira projects from affected installations. Affected versions are before 8.5.11, 8.6.0 before...

CVSS 4.3 · AI score 4.5 · EPSS 0.00846

added 2021/02/14 11:55 p.m.

CVE-2020-36237

CVE-2020-36237 affects Atlassian Jira Server and Data Center prior to 8.15.0, where unauthenticated remote attackers can view custom field options via the /rest/api/2/customFieldOption/ endpoint (information disclosure). Affected versions are before 8.15.0; fixed in 8.15.0. The connected Atlassia...

CVSS 5.3 · AI score 5.2 · EPSS 0.01244

added 2021/04/14 11:45 p.m.

CVE-2021-26076

CVE-2021-26076 concerns the jira.editor.user.mode cookie used by the Jira Editor Plugin on Jira Server/Data Center. The cookie is not marked Secure even when Jira is configured to use HTTPS, enabling remote anonymous attackers to perform a man-in-the-middle attack to learn which ...

CVSS 4.3 · AI score 4.2 · EPSS 0.01232
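
A missing Secure attribute is something a response-header check can catch without any traffic interception. The function below is an added example, not code from this listing's site or from Atlassian: it parses Set-Cookie headers and reports cookies served on an https:// URL without Secure. The cookie name jira.editor.user.mode comes from the entry above; the URL, the other cookie names and every header value are constructed.

```python
"""Report cookies set without the Secure attribute on an HTTPS origin.

Added example for the CVE-2021-26076 entry. Only the cookie name
jira.editor.user.mode is from the page; the URL and all header values below are
constructed, not captured from a real instance.
"""
from urllib.parse import urlsplit

SAMPLE_RESPONSE_URL = "https://jira.example.internal/browse/PROJ-1"  # constructed
SAMPLE_SET_COOKIE_HEADERS = [                                          # constructed
    "JSESSIONID=0123456789ABCDEF; Path=/; Secure; HttpOnly",
    "jira.editor.user.mode=wysiwyg; Path=/; Max-Age=31536000",
    "theme=dark; Path=/; secure",
]


def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header.

    The value may itself contain '=' (base64, tokens), so only the first '=' of the
    first segment splits name from value. Attribute names are case-insensitive per
    RFC 6265, so they are lower-cased; valueless attributes map to ''.
    """
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_missing_secure(url, set_cookie_headers):
    """Names of cookies set on an https:// URL that lack the Secure attribute.

    Over plain http:// a Secure cookie would never be sent back, so the check is
    only meaningful when the site is actually served over TLS; other schemes yield
    no findings rather than false positives.
    """
    if urlsplit(url).scheme.lower() != "https":
        return []
    missing = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE_RESPONSE_URL, SAMPLE_SET_COOKIE_HEADERS))
```

Run it against the headers of a real response (one list entry per Set-Cookie header, not the comma-joined form some HTTP clients return) after confirming the instance is reached over HTTPS; a cookie without Secure is the condition the entry describes.
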
added 2021/04/01 2:30 a.m.

CVE-2020-36238

CVE-2020-36238 affects Jira Server/Data Center. The vulnerability exists in the /rest/api/1.0/render resource and allows remote anonymous attackers to determine whether a username is valid via a missing permissions check. Affected versions include Jira Server/Data Center before 8.5.13, from 8.6.0...

CVSS 5.3 · AI score 5 · EPSS 0.01591
Tags: Web

added 2021/04/01 3:10 a.m.

CVE-2020-36286

CVE-2020-36286 affects Atlassian Jira Server and Data Center; information disclosure vulnerability in the membersOf JQL search function allows remote anonymous attackers to determine if a group exists and group memberships when exposed via publicly visible issue fields. Affected versions before f...

CVSS 5.3 · AI score 5.1 · EPSS 0.0141

added 2021/04/14 11:45 p.m.

CVE-2020-36288

CVE-2020-36288 affects Atlassian Jira Server/Data Center: DOM-based XSS caused by parameter pollution in the issue navigation/search view. Affected ranges are Jira Server/Data Center prior to 8.5.12, 8.6.x prior to 8.13.4, and 8.14.x prior to 8.15.1. Remediation is to upgrade to fixed versions: 8...

CVSS 6.1 · AI score 5.8 · EPSS 0.01519

added 2021/04/01 2:30 a.m.

CVE-2021-26071

CVE-2021-26071 affects Jira Server/Data Center via the SetFeatureEnabled.jspa resource. The vulnerability allows remote anonymous attackers to enable/disable Jira Software configuration through a Cross-Site Request Forgery (CSRF) vulnerability. Affected versions are Jira Server/Data Center before...

CVSS 3.5 · AI score 4.4 · EPSS 0.0049

added 2021/04/14 11:45 p.m.

CVE-2021-26075

CVE-2021-26075 affects Atlassian Jira Server/Data Center: the AttachTemporaryFile REST resource allows remote authenticated attackers to disclose the full path of the Jira application data directory via an error message when an invalid filename is provided. Affected versions are before 8.5.12, fr...

CVSS 4.3 · AI score 4.3 · EPSS 0.0161

added 2021/08/25 2:30 a.m.

CVE-2021-39112

CVE-2021-39112 affects Atlassian Jira Server/Data Center with a reverse tabnabbing issue in Project Shortcuts. Affected versions are before 8.5.15; 8.6.0 before 8.13.7; 8.14.0 before 8.17.1; and 8.18.0 before 8.18.1. The connected sources specify affected versions and vulnerability class but do n...

CVSS 4.9 · AI score 5 · EPSS 0.0073

added 2021/07/20 3:25 a.m.

CVE-2021-26083

Affected product: Atlassian Jira Server/Data Center. Vulnerable component: Export HTML Report feature. Root cause: Cross-Site Scripting (XSS) due to improper input handling in the export HTML report path. Impact: remote attackers can inject arbitrary HTML/JavaScript via the export HTML Report, wi...

CVSS 5.4 · AI score 5.2 · EPSS 0.00599

added 2021/10/26 4:15 a.m.

CVE-2021-41304

CVE-2021-41304 affects Atlassian Jira Server/Data Center with a reflected XSS in the error message of /secure/admin/ImporterFinishedPage.jspa. Affected versions are < 8.13.12 and 8.14.0 ≤

CVSS 6.1 · AI score 5.9 · EPSS 0.00848

added 2021/07/20 3:25 a.m.

CVE-2021-26082

The CVE-2021-26082 issue affects Atlassian Jira Server/Data Center’s XML Export feature, allowing stored cross-site scripting via the XML Export path. Affected ranges: Jira Server/Data Center before 8.5.14; 8.6.0 before 8.13.6; 8.14.0 before 8.17.0. Root cause: improper handling in the XML Export...

CVSS 5.4 · AI score 5.3 · EPSS 0.00735

added 2021/11/03 3:50 a.m.

CVE-2021-41312

CVE-2021-41312 affects Atlassian Jira Server and Data Center prior to 8.19.1. The vulnerability is an Improper Authentication in the /secure/ViewCollectors endpoint that allows a remote attacker who previously had access revoked from Jira Service Management to enable/disable Issue Collectors with...

CVSS 7.5 · AI score 7.5 · EPSS 0.01173

added 2021/06/07 10:35 p.m.

CVE-2021-26079

CVE-2021-26079 affects Atlassian Jira Server/Data Center: the CardLayoutConfigTable component is vulnerable to remote XSS. Affected versions include Jira Server/Data Center before 8.5.15; 8.6.0 before 8.13.7; and 8.14.0 before 8.17.0. The vulnerability allows a remote attacker to inject arbitrar...

CVSS 6.1 · AI score 6 · EPSS 0.0091

added 2021/09/08 2:05 a.m.

CVE-2021-39122

CVE-2021-39122 affects Atlassian Jira Server and Data Center via an Information Disclosure vulnerability in the /rest/api/2/search endpoint, allowing anonymous remote attackers to view users’ emails. Affected versions include pre-8.5.13, 8.6.0–8.13.5 (before 8.13.5), and 8.14.0–8.15.1 (before 8.1...

CVSS 5.3 · AI score 5.1 · EPSS 0.01356

added 2021/09/14 6:15 a.m.

CVE-2021-39125

CVE-2021-39125 affects Atlassian Jira Server and Data Center, enabling anonymous remote attackers to enumerate usernames via the password reset page. Affected versions are before 8.5.10 and from 8.6.0 before 8.13.1. Fixed versions are 8.5.10 and 8.13.1. No exploitation details are provided in the con...

CVSS 5.3 · AI score 5.4 · EPSS 0.01356

added 2021/08/30 6:30 a.m.

CVE-2021-39113

CVE-2021-39113 (Atlassian Jira Server/Data Center). Affects: Atlassian Jira Server and Data Center installations. Vulnerable component: the allowlist feature that controls access to cached content. Root cause: Broken Access Control allowing anonymous remote attackers to continue vie...

CVSS 7.5 · AI score 7.4 · EPSS 0.01809

added 2021/09/08 1:45 a.m.

CVE-2021-39121

CVE-2021-39121 is an information-disclosure vulnerability in Atlassian Jira Server/Data Center that allows an authenticated remote attacker to enumerate private project keys via the /rest/api/latest/projectvalidate/key endpoint. Affected versions: before 8.5.18; 8.6.0 before 8.13.10; 8.1...

CVSS 4.3 · AI score 4.7 · EPSS 0.01104

added 2021/08/30 6:30 a.m.

CVE-2021-39111

The CVE-2021-39111 issue affects the Editor plugin in Atlassian Jira Server/Data Center. A Cross-Site Scripting (XSS) vulnerability exists in handling supplied content (e.g., PDFs pasted into fields like description), allowing remote attackers to inject arbitrary HTML/JavaScript. Affected version...

CVSS 6.1 · AI score 5.8 · EPSS 0.00978

added 2021/09/14 4:20 a.m.

CVE-2021-39124

Atlassian Jira Server and Data Center are affected prior to 8.16.0 by a CSRF failure retry feature that lets remote attackers trick a user into retrying a request, bypassing CSRF protection and replaying a crafted request. Affected versions:

CVSS 4.3 · AI score 5.1 · EPSS 0.00511

added 2021/09/14 4:55 a.m.

CVE-2021-39118

CVE-2021-39118 affects Atlassian Jira Server and Data Center. The vulnerability is an enumeration flaw in the /rest/api/1.0/render endpoint that allows remote attackers to discover usernames and full names of users. Affected versions are those prior to 8.19.0; fixed in 8.19.0. The connected sourc...

CVSS 5.3 · AI score 5.2 · EPSS 0.01376
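
Several entries in this listing describe the same operational pattern: an anonymous client walking one endpoint with many different parameter values to enumerate users, project keys or field options (ViewUserHover.jspa, QueryComponentRendererValue!Default.jspa, /rest/api/latest/user/avatar/temporary, /rest/api/1.0/render, /rest/api/2/search, /rest/api/latest/projectvalidate/key, /rest/api/2/customFieldOption/). The detector below is an added example, not from this listing's site or from Atlassian. It parses Tomcat-style access log lines, groups anonymous requests to those paths by source host, and reports bursts with many distinct request targets, which is what separates enumeration from one page being reloaded. Only the endpoint paths come from the summaries on this page; the log format, the thresholds and every log line are constructed assumptions.

```python
"""Flag enumeration bursts against Jira endpoints named in this listing, from access logs.

Added example. The log format (Tomcat-style access log), thresholds and all sample
lines are constructed assumptions; only the endpoint paths come from the CVE
summaries on this page.
"""
import re
from collections import defaultdict

# Path fragment from the summaries above -> label used in findings.
WATCHED_PATHS = {
    "/ViewUserHover.jspa": "CVE-2020-14181 user enumeration",
    "QueryComponentRendererValue!Default.jspa": "CVE-2020-36289 user enumeration",
    "/rest/api/latest/user/avatar/temporary": "CVE-2021-26081 username enumeration",
    "/rest/api/1.0/render": "CVE-2020-36238 / CVE-2021-39118 username enumeration",
    "/rest/api/2/search": "CVE-2021-39122 email disclosure",
    "/rest/api/latest/projectvalidate/key": "CVE-2021-39121 project key enumeration",
    "/rest/api/2/customFieldOption/": "CVE-2020-36237 custom field option disclosure",
}

# host ident user [time] "method target protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample: an anonymous burst probing ViewUserHover with different
# usernames, a logged-in user hitting /rest/api/1.0/render once, ordinary traffic
# that must not be flagged, and one malformed line that must be skipped.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Sep/2021:10:15:{s:02d} +0000] '
     f'"GET /secure/ViewUserHover.jspa?username=user{s} HTTP/1.1" 200 412'
     for s in range(8)]
    + [
        '198.51.100.9 - alice [10/Sep/2021:10:16:01 +0000] "GET /rest/api/1.0/render HTTP/1.1" 200 90',
        '198.51.100.9 - alice [10/Sep/2021:10:16:02 +0000] "GET /browse/PROJ-12 HTTP/1.1" 200 9812',
        '203.0.113.7 - - [10/Sep/2021:10:16:10 +0000] "GET /login.jsp HTTP/1.1" 200 3311',
        '198.51.100.22 - - [10/Sep/2021:10:17:00 +0000] "GET /rest/api/2/search?jql=project=PROJ HTTP/1.1" 200 1800',
        'this line is not in access-log format and must be skipped',
    ]
)


def parse_line(line):
    """One access-log line -> dict of fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def watched_label(target):
    """Label for a request target whose path contains a watched fragment, else None."""
    path = target.split("?", 1)[0]
    for fragment, label in WATCHED_PATHS.items():
        if fragment in path:
            return label
    return None


def find_enumeration_bursts(log_text, min_requests=5, min_distinct_targets=5, anonymous_only=True):
    """Group requests to watched paths by (source host, label) and report bursts.

    A pair is reported when it made at least min_requests requests with at least
    min_distinct_targets distinct request targets. With anonymous_only=True, requests
    with a remote user ("-" is Tomcat's placeholder for none) are ignored, matching the
    anonymous-access CVEs above; set it False for the authenticated variants.
    """
    counts = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or (anonymous_only and rec["user"] != "-"):
            continue
        label = watched_label(rec["target"])
        if label is None:
            continue
        key = (rec["host"], label)
        counts[key] += 1
        targets[key].add(rec["target"])
    findings = []
    for key, n in sorted(counts.items()):
        if n >= min_requests and len(targets[key]) >= min_distinct_targets:
            findings.append({"host": key[0], "label": key[1],
                             "requests": n, "distinct_targets": len(targets[key])})
    return findings


if __name__ == "__main__":
    for finding in find_enumeration_bursts(SAMPLE_LOG):
        print(finding)
```

On the constructed sample only 203.0.113.7 is reported: eight anonymous requests to ViewUserHover.jspa with eight different usernames. The single anonymous /rest/api/2/search call stays under the threshold, and the logged-in /rest/api/1.0/render request is skipped. Tune the thresholds against a baseline of normal traffic before alerting on them, and adapt LOG_RE if the instance logs through a reverse proxy with a different format.
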
added 2021/09/14 5:10 a.m.

CVE-2019-20101

CVE-2019-20101 affects Atlassian Jira Server/Data Center. The vulnerability is a Broken Access Control issue in the endpoint /rest/whitelist//check, allowing anonymous remote attackers to view whitelist rules. Affected versions are before 8.13.3 and 8.14.0 up to 8.14.1. The root cause is improper...

CVSS 5.3 · AI score 5.2 · EPSS 0.01331
Tags: Web

added 2021/09/14 4:30 a.m.

CVE-2021-39123

CVE-2021-39123 affects Atlassian Jira Server and Data Center prior to 8.16.0, where unauthenticated remote attackers can impact availability via DoS on the /rest/gadget/1.0/createdVsResolved/generate endpoint. The vulnerability is triggered in the gadget generation path and is mitigated by upgrad...

CVSS 7.5 · AI score 7.5 · EPSS 0.01549

added 2021/08/30 6:30 a.m.

CVE-2021-39117

Atlassian Jira Server and Data Center prior to 8.18.0 are vulnerable to a stored XSS via the Custom Fields creation on the AssociateFieldToScreens page. The root cause is insufficient sanitization of the field name, allowing an attacker to inject arbitrary HTML/JavaScript. Affected versi...

CVSS 4.8 · AI score 4.9 · EPSS 0.00635