Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_software_data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-01 | CVE-2020-4021 | Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
| 2020-06-23 | CVE-2020-4028 | Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | Jira, Jira_software_data_center | 5.3 | ||
| 2020-07-01 | CVE-2020-14164 | The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field. | Jira, Jira_software_data_center | 6.1 | ||
| 2020-07-01 | CVE-2020-14165 | The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. | Jira, Jira_software_data_center | 5.3 | ||
| 2020-07-01 | CVE-2020-14167 | The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 7.5 | ||
| 2020-07-01 | CVE-2020-14168 | The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.9 | ||
| 2020-07-01 | CVE-2020-14169 | The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability | Jira, Jira_software_data_center | 6.1 | ||
| 2020-07-01 | CVE-2020-4022 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.1 | ||
| 2020-07-01 | CVE-2020-4024 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
| 2020-07-01 | CVE-2020-4025 | The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.8 |