Jira Server Security Vulnerabilities and Issues — Jira Server CVE List

Lucene search

AtlassianJira Server

16 matches found

CVE•added 2019/05/22 6:29 p.m.•135 views

CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

7.5CVSS7.2AI score0.92613EPSS

CVE•added 2024/06/18 5:15 p.m.•125 views

CVE-2024-21685

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure ...

7.4CVSS7.2AI score0.00275EPSS

CVE•added 2021/03/22 5:15 a.m.•122 views

CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 be...

7.2CVSS6.9AI score0.00853EPSS

CVE•added 2022/08/01 11:15 a.m.•100 views

CVE-2022-36799

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template ...

7.2CVSS7.5AI score0.03428EPSS

CVE•added 2020/02/06 3:15 a.m.•97 views

CVE-2019-20400

The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.

7.8CVSS7.4AI score0.00145EPSS

CVE•added 2022/03/08 2:15 a.m.•92 views

CVE-2021-43944

7.2CVSS7.6AI score0.02123EPSS

CVE•added 2019/04/30 4:29 p.m.•79 views

CVE-2019-3399

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

7.5CVSS7.4AI score0.00573EPSS

CVE•added 2021/09/16 6:15 a.m.•76 views

CVE-2021-39128

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Ser...

7.2CVSS7.3AI score0.00712EPSS

CVE•added 2020/09/01 5:15 a.m.•70 views

CVE-2020-14178

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before...

7.5CVSS7.3AI score0.01369EPSS

CVE•added 2018/05/16 1:29 p.m.•69 views

CVE-2018-5231

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

7.5CVSS7.3AI score0.00979EPSS

CVE•added 2021/10/26 5:15 a.m.•67 views

CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

7.5CVSS7.4AI score0.00735EPSS

CVE•added 2021/08/30 7:15 a.m.•65 views

CVE-2021-39113

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 ...

7.5CVSS7.4AI score0.00558EPSS

CVE•added 2020/07/01 2:15 a.m.•61 views

CVE-2020-14167

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.

7.5CVSS7.4AI score0.00915EPSS

CVE•added 2021/10/26 5:15 a.m.•58 views

CVE-2021-41307

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.1...

7.5CVSS7.5AI score0.01264EPSS

CVE•added 2020/07/03 2:15 a.m.•56 views

CVE-2019-20419

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.

7.8CVSS7.9AI score0.0082EPSS

CVE•added 2020/06/29 6:15 a.m.•49 views

CVE-2019-20413

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

7.5CVSS7.4AI score0.00843EPSS