Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_software_data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-01 | CVE-2020-4029 | The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2020-07-03 | CVE-2020-14172 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before... | Jira, Jira_software_data_center | 9.8 | ||
| 2020-07-03 | CVE-2020-14173 | The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
| 2020-07-13 | CVE-2020-14174 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2020-09-01 | CVE-2020-14178 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 7.5 | ||
| 2021-02-02 | CVE-2020-36231 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2021-02-15 | CVE-2020-36235 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | Jira, Jira_server, Jira_software_data_center | 5.3 | ||
| 2021-02-15 | CVE-2020-36236 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.1 | ||
| 2021-10-21 | CVE-2021-39127 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
| 2021-10-26 | CVE-2021-41305 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | Jira, Jira_software_data_center | 7.5 |