Jira Security Vulnerabilities and Issues — Jira CVE List

Lucene search

AtlassianJira

4 matches found

CVE•added 2020/02/06 3:15 a.m.•113 views

CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

4.3CVSS4.6AI score0.00277EPSS

CVE•added 2020/02/06 3:15 a.m.•98 views

CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

4.9CVSS5.1AI score0.0026EPSS

CVE•added 2020/02/12 2:15 p.m.•63 views

CVE-2019-20100

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version ...

4.7CVSS4.5AI score0.00386EPSS

CVE•added 2020/02/13 5:15 p.m.•45 views

CVE-2012-1500

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.

5.4CVSS5.2AI score0.00218EPSS