Note: This project will be discontinued after December 13, 2021.
Product: Jira_data_center (Atlassian)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 74 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-09-08 | CVE-2021-39116 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | Jira_data_center, Jira_server | 5.5 | ||
2021-09-08 | CVE-2021-39121 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | Data_center, Jira, Jira_data_center, Jira_server | 4.3 | ||
2021-09-08 | CVE-2021-39122 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | Data_center, Jira, Jira_data_center, Jira_server | 5.3 | ||
2021-09-16 | CVE-2021-39128 | Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. | Jira_data_center, Jira_server | 7.2 | ||
2021-10-21 | CVE-2021-39126 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | Jira_data_center, Jira_server | 6.5 | ||
2021-10-21 | CVE-2021-39127 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
2021-10-26 | CVE-2021-41304 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. | Data_center, Jira, Jira_data_center, Jira_server | 6.1 | ||
2021-10-26 | CVE-2021-41308 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.5 | ||
2021-11-01 | CVE-2021-41313 | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. | Jira_data_center, Jira_server | 4.3 | ||
2022-01-05 | CVE-2021-43946 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. | Jira_data_center, Jira_server | 6.5 | ||