Jira Security Vulnerabilities and Issues — Jira CVE List

Lucene search

AtlassianJira

10 matches found

CVE•added 2020/06/30 3:15 a.m.•81 views

CVE-2019-20415

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

4.3CVSS4.6AI score0.00232EPSS

CVE•added 2020/06/01 7:15 a.m.•70 views

CVE-2020-4021

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

5.4CVSS5.3AI score0.0028EPSS

CVE•added 2020/06/30 3:15 a.m.•69 views

CVE-2019-20416

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

4.8CVSS4.9AI score0.00209EPSS

CVE•added 2020/06/23 6:15 a.m.•66 views

CVE-2019-20409

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

9.8CVSS10AI score0.03033EPSS

CVE•added 2020/06/29 6:15 a.m.•52 views

CVE-2019-20410

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 b...

6.5CVSS6.1AI score0.00529EPSS

CVE•added 2020/06/29 6:15 a.m.•50 views

CVE-2019-20411

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

4.3CVSS4.7AI score0.00199EPSS

CVE•added 2020/06/29 7:15 a.m.•50 views

CVE-2019-20414

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

5.4CVSS5.3AI score0.00327EPSS

CVE•added 2020/06/29 6:15 a.m.•49 views

CVE-2019-20413

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

7.5CVSS7.4AI score0.00843EPSS

CVE•added 2020/06/23 1:15 p.m.•49 views

CVE-2020-4028

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.

5.3CVSS5AI score0.00455EPSS

CVE•added 2020/06/29 6:15 a.m.•47 views

CVE-2019-20412

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Stat...

5.3CVSS5.2AI score0.00531EPSS