Jira Security Vulnerabilities and Issues — Jira CVE List

Lucene search

AtlassianJira

4 matches found

CVE•added 2017/04/10 3:59 p.m.•99 views

CVE-2017-5983

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

9.8CVSS9.3AI score0.04886EPSS

CVE•added 2017/04/10 3:59 a.m.•58 views

CVE-2016-4318

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.

4.8CVSS5.6AI score0.00229EPSS

CVE•added 2017/04/10 3:59 a.m.•55 views

CVE-2016-4319

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

8.8CVSS8.6AI score0.00172EPSS

CVE•added 2017/01/31 10:59 p.m.•49 views

CVE-2016-6285

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

6.1CVSS5.9AI score0.00767EPSS