Atlassian Jira_software_data_center
39 CVEs affecting Atlassian Jira_software_data_center. Latest disclosed: 2021-12-08. Critical: 2, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-14172 | Critical | 9.8 | 2020-07-03 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in w… |
| CVE-2019-20409 | Critical | 9.8 | 2020-06-23 | The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code exec… |
| CVE-2021-41311 | High | 7.5 | 2021-12-08 | Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify pr… |
| CVE-2021-41307 | High | 7.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via… |
| CVE-2021-41306 | High | 7.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Obj… |
| CVE-2021-41305 | High | 7.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure D… |
| CVE-2020-14178 | High | 7.5 | 2020-09-01 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the… |
| CVE-2019-20898 | High | 7.5 | 2020-07-13 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global per… |
| CVE-2020-14167 | High | 7.5 | 2020-07-01 | The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 befor… |
| CVE-2019-20413 | High | 7.5 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulner… |
| CVE-2021-41308 | Medium | 6.5 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via… |
| CVE-2019-20897 | Medium | 6.5 | 2020-07-13 | The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG… |
| CVE-2019-20418 | Medium | 6.5 | 2020-07-03 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Ser… |
| CVE-2019-20410 | Medium | 6.5 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in… |
| CVE-2021-41310 | Medium | 6.1 | 2021-11-01 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (… |
| CVE-2020-36236 | Medium | 6.1 | 2021-02-15 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulne… |
| CVE-2020-4022 | Medium | 6.1 | 2020-07-01 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote… |
| CVE-2020-14169 | Medium | 6.1 | 2020-07-01 | The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Sit… |
| CVE-2020-14164 | Medium | 6.1 | 2020-07-01 | The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cro… |
| CVE-2020-14168 | Medium | 5.9 | 2020-07-01 | The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows re… |