Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_data_center
(Atlassian)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 74 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-01 | CVE-2020-4024 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
2020-07-01 | CVE-2020-4025 | The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.8 | ||
2020-07-01 | CVE-2020-4029 | The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
2020-07-03 | CVE-2020-14173 | The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
2020-07-13 | CVE-2020-14174 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
2020-09-01 | CVE-2020-14178 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 7.5 | ||
2020-09-21 | CVE-2020-14179 | Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | Jira_data_center, Jira_server | 5.3 | ||
2021-02-02 | CVE-2020-36231 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
2021-02-15 | CVE-2020-36234 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | Data_center, Jira, Jira_data_center, Jira_server | 4.8 | ||
2021-02-15 | CVE-2020-36236 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.1 |