Jira_data_center - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Jira_data_center
(Atlassian)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	74

Date	Id	Summary	Products	Score	Patch	Annotated
2020-06-01	CVE-2020-4021	Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	5.4
2020-07-01	CVE-2020-14167	The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	7.5
2020-07-01	CVE-2020-14168	The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	5.9
2020-07-01	CVE-2020-4022	The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	6.1
2020-07-01	CVE-2020-4024	The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	5.4
2020-07-01	CVE-2020-4025	The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	4.8
2020-07-01	CVE-2020-4029	The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	4.3
2020-07-03	CVE-2020-14173	The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	5.4
2020-07-13	CVE-2020-14174	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	4.3
2020-09-01	CVE-2020-14178	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.	Jira, Jira_data_center, Jira_server, Jira_software_data_center	7.5