Atlassian Jira_server
136 CVEs affecting Atlassian Jira_server. Latest disclosed: 2025-10-22. Critical: 3, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-26136 | Critical | 9.8 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impa… |
| CVE-2022-0540 | Critical | 9.8 | 2022-04-20 | A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atl… |
| CVE-2019-11581 | Critical | 9.8 | 2019-08-09 | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker… |
| CVE-2025-22157 | High | 8.8 | 2025-05-20 | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Se… |
| CVE-2024-21683 | High | 8.8 | 2024-05-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Executi… |
| CVE-2022-26137 | High | 8.8 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application… |
| CVE-2019-8443 | High | 8.1 | 2019-05-22 | The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote att… |
| CVE-2019-20419 | High | 7.8 | 2020-07-03 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The af… |
| CVE-2019-20400 | High | 7.8 | 2020-02-06 | The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental var… |
| CVE-2021-41307 | High | 7.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via… |
| CVE-2021-41306 | High | 7.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Obj… |
| CVE-2021-39113 | High | 7.5 | 2021-08-30 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, v… |
| CVE-2020-14178 | High | 7.5 | 2020-09-01 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the… |
| CVE-2020-14167 | High | 7.5 | 2020-07-01 | The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 befor… |
| CVE-2019-20413 | High | 7.5 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulner… |
| CVE-2019-8442 | High | 7.5 | 2019-05-22 | The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version… |
| CVE-2019-3399 | High | 7.5 | 2019-04-30 | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for arch… |
| CVE-2018-5231 | High | 7.5 | 2018-05-16 | The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and fr… |
| CVE-2022-36799 | High | 7.2 | 2022-08-01 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of… |
| CVE-2021-43944 | High | 7.2 | 2022-03-08 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of… |