Jira Server Security Vulnerabilities and Issues — Jira Server CVE List

Lucene search

AtlassianJira Server

11 matches found

CVE•added 2019/08/09 8:15 p.m.•1186 views

CVE-2019-11581

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Da...

9.8CVSS9.5AI score0.94366EPSS

CVE•added 2019/08/23 2:15 p.m.•75 views

CVE-2019-11586

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

4.3CVSS4.8AI score0.00138EPSS

CVE•added 2019/08/23 2:15 p.m.•70 views

CVE-2019-8446

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

5.3CVSS5.3AI score0.62652EPSS

CVE•added 2019/08/23 2:15 p.m.•64 views

CVE-2019-11585

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

6.1CVSS6.1AI score0.0025EPSS

CVE•added 2019/08/23 2:15 p.m.•61 views

CVE-2019-8444

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

5.4CVSS5.3AI score0.00327EPSS

CVE•added 2019/08/23 2:15 p.m.•60 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.

4.3CVSS4.8AI score0.00152EPSS

CVE•added 2019/08/23 2:15 p.m.•58 views

CVE-2019-11588

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

4.3CVSS4.8AI score0.00261EPSS

CVE•added 2019/08/23 2:15 p.m.•55 views

CVE-2019-8445

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

5.3CVSS5.2AI score0.00902EPSS

CVE•added 2019/08/23 2:15 p.m.•49 views

CVE-2019-11587

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

6.5CVSS6.4AI score0.00138EPSS

CVE•added 2019/08/13 3:15 p.m.•49 views

CVE-2019-8448

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

5.3CVSS5.1AI score0.00369EPSS

CVE•added 2019/08/23 2:15 p.m.•40 views

CVE-2019-11589

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vul...

6.1CVSS6.2AI score0.00271EPSS