Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira
(Atlassian)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 143 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-13 | CVE-2019-20901 | The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | Jira, Jira_server | 6.1 | ||
2019-09-11 | CVE-2019-8449 | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | Jira | 5.3 | ||
2012-05-22 | CVE-2012-2926 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via... | Bamboo, Confluence, Confluence_server, Crowd, Crucible, Fisheye, Jira | 9.1 | ||
2020-07-13 | CVE-2019-20898 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. | Jira, Jira_software_data_center | 7.5 | ||
2020-02-06 | CVE-2019-20402 | Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | Jira, Jira_software_data_center | N/A | ||
2020-07-03 | CVE-2019-20418 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | Jira, Jira_software_data_center | N/A | ||
2020-07-01 | CVE-2019-20408 | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | Jira | N/A | ||
2020-06-30 | CVE-2019-20416 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | Jira, Jira_software_data_center | N/A | ||
2020-06-23 | CVE-2019-20409 | The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | Jira, Jira_software_data_center | N/A | ||
2020-02-13 | CVE-2012-1500 | Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | Greenhopper, Jira | N/A |