Atlassian Jira
64 CVEs affecting Atlassian Jira. Latest disclosed: 2019-12-18. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-5983 | Critical | 9.8 | 2017-04-10 | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execut… |
| CVE-2012-2926 | Critical | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 be… |
| CVE-2016-4319 | High | 8.8 | 2017-04-10 | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. |
| CVE-2016-6285 | Medium | 6.1 | 2017-01-31 | Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitr… |
| CVE-2016-4318 | Medium | 4.8 | 2017-04-10 | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. |
| CVE-2019-15013 | | | 2019-12-18 | The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8… |
| CVE-2019-8451 | | | 2019-09-11 | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via… |
| CVE-2019-8450 | | | 2019-09-11 | Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permiss… |
| CVE-2019-8449 | | | 2019-09-11 | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnera… |
| CVE-2019-14998 | | | 2019-09-11 | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection vi… |
| CVE-2019-14997 | | | 2019-09-11 | The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an i… |
| CVE-2019-14996 | | | 2019-09-11 | The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML… |
| CVE-2019-14995 | | | 2019-09-11 | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and… |
| CVE-2019-8447 | | | 2019-08-23 | The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSR… |
| CVE-2019-8446 | | | 2019-08-23 | The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. |
| CVE-2019-8445 | | | 2019-08-23 | Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time informati… |
| CVE-2019-8444 | | | 2019-08-23 | The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaS… |
| CVE-2019-11589 | | | 2019-08-23 | The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows… |
| CVE-2019-11588 | | | 2019-08-23 | The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before versi… |
| CVE-2019-11587 | | | 2019-08-23 | Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before versio… |