Jira Software Data Center Security Vulnerabilities and Issues — Jira Software Data Center CVE List

Lucene search

AtlassianJira Software Data Center

8 matches found

CVE•added 2020/02/06 3:15 a.m.•113 views

CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

4.3CVSS4.6AI score0.00277EPSS

CVE•added 2020/02/06 3:15 a.m.•98 views

CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

4.9CVSS5.1AI score0.00258EPSS

CVE•added 2020/07/01 2:15 a.m.•97 views

CVE-2020-4029

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.

4.3CVSS4.6AI score0.0039EPSS

CVE•added 2020/07/13 5:15 a.m.•87 views

CVE-2020-14174

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5...

4.3CVSS4.6AI score0.00263EPSS

CVE•added 2020/06/30 3:15 a.m.•81 views

CVE-2019-20415

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

4.3CVSS4.6AI score0.00232EPSS

CVE•added 2020/07/01 2:15 a.m.•79 views

CVE-2020-4025

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site ...

4.8CVSS5AI score0.00335EPSS

CVE•added 2021/02/02 12:15 a.m.•74 views

CVE-2020-36231

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.

4.3CVSS4.7AI score0.0027EPSS

CVE•added 2020/06/30 3:15 a.m.•69 views

CVE-2019-20416

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

4.8CVSS4.9AI score0.00209EPSS