Jira Data Center Security Vulnerabilities and Issues — Jira Data Center CVE List

Lucene search

AtlassianJira Data Center

15 matches found

CVE•added 2022/08/10 3:15 a.m.•122 views

CVE-2022-36801

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.

6.1CVSS6AI score0.12004EPSS

CVE•added 2022/06/30 6:15 a.m.•117 views

CVE-2022-26135

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 b...

6.5CVSS6.2AI score0.90005EPSS

CVE•added 2022/02/15 4:15 a.m.•96 views

CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before...

6.5CVSS6.5AI score0.00214EPSS

CVE•added 2021/02/15 12:15 a.m.•91 views

CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6...

6.1CVSS5.8AI score0.0047EPSS

CVE•added 2021/04/15 12:15 a.m.•91 views

CVE-2020-36288

The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused...

6.1CVSS5.8AI score0.00553EPSS

CVE•added 2022/01/05 4:15 a.m.•84 views

CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from ver...

6.5CVSS6.3AI score0.00285EPSS

CVE•added 2021/10/26 5:15 a.m.•80 views

CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from ...

6.1CVSS5.9AI score0.0047EPSS

CVE•added 2020/07/01 2:15 a.m.•79 views

CVE-2020-4022

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart con...

6.1CVSS5.8AI score0.00405EPSS

CVE•added 2021/06/07 11:15 p.m.•77 views

CVE-2021-26079

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

6.1CVSS6AI score0.00435EPSS

CVE•added 2021/06/07 11:15 p.m.•76 views

CVE-2021-26080

EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

6.1CVSS6AI score0.00375EPSS

CVE•added 2021/10/26 5:15 a.m.•72 views

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0, fro...

6.5CVSS6.3AI score0.00243EPSS

CVE•added 2021/10/21 3:15 a.m.•69 views

CVE-2021-39126

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...

6.5CVSS6.7AI score0.0033EPSS

CVE•added 2021/08/30 7:15 a.m.•61 views

CVE-2021-39111

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such a...

6.1CVSS5.8AI score0.00416EPSS

CVE•added 2020/06/29 6:15 a.m.•52 views

CVE-2019-20410

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 b...

6.5CVSS6.1AI score0.00529EPSS

CVE•added 2020/07/13 1:15 a.m.•50 views

CVE-2019-20897

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

6.5CVSS6.2AI score0.0083EPSS