Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_software_data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-29 | CVE-2019-20414 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
| 2020-06-30 | CVE-2019-20415 | Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2020-07-13 | CVE-2019-20897 | The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.5 | ||
| 2020-07-13 | CVE-2019-20899 | The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
| 2020-07-13 | CVE-2019-20898 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. | Jira, Jira_software_data_center | 7.5 | ||
| 2020-02-06 | CVE-2019-20402 | Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | Jira, Jira_software_data_center | N/A | ||
| 2020-07-03 | CVE-2019-20418 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | Jira, Jira_software_data_center | N/A | ||
| 2020-06-30 | CVE-2019-20416 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | Jira, Jira_software_data_center | N/A | ||
| 2020-06-23 | CVE-2019-20409 | The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | Jira, Jira_software_data_center | N/A |