Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_software_data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-26 | CVE-2021-41306 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | Jira, Jira_server, Jira_software_data_center | 7.5 | ||
| 2021-10-26 | CVE-2021-41307 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | Jira, Jira_server, Jira_software_data_center | 7.5 | ||
| 2021-10-26 | CVE-2021-41308 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.5 | ||
| 2021-11-01 | CVE-2021-41310 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. | Jira_software_data_center | 6.1 | ||
| 2021-12-08 | CVE-2021-41309 | Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. | Jira_software_data_center | 5.3 | ||
| 2021-12-08 | CVE-2021-41311 | Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. | Jira_software_data_center | 7.5 | ||
| 2020-02-06 | CVE-2019-20106 | Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2020-06-29 | CVE-2019-20410 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.5 | ||
| 2020-06-29 | CVE-2019-20412 | The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
| 2020-06-29 | CVE-2019-20413 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 7.5 |