Atlassian

Jira

142 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.18%
  • Published 09.08.2019 20:15:10
  • Last modified 21.11.2024 04:02:16

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

  • EPSS 0.48%
  • Published 26.06.2019 16:15:09
  • Last modified 21.11.2024 04:21:23

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via a denial of service vulnerability in issue search when ordering by "Epic Name".

  • EPSS 92.61%
  • Published 22.05.2019 18:29:02
  • Last modified 21.11.2024 04:49:54

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF direct...

  • EPSS 0.78%
  • Published 22.05.2019 18:29:02
  • Last modified 21.11.2024 04:49:54

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to an administrator's session to access the ViewUpgrades admin...

  • EPSS 83.31%
  • Published 22.05.2019 18:29:00
  • Last modified 21.11.2024 04:42:02

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

  • EPSS 46.35%
  • Published 22.05.2019 18:29:00
  • Last modified 21.11.2024 04:42:02

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName ...

  • EPSS 82.8%
  • Published 22.05.2019 18:29:00
  • Last modified 21.11.2024 04:42:02

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

  • EPSS 58.83%
  • Published 03.05.2019 20:29:00
  • Last modified 21.11.2024 04:02:15

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

  • EPSS 0.57%
  • Published 30.04.2019 16:29:00
  • Last modified 21.11.2024 04:42:01

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

  • EPSS 0.17%
  • Published 13.02.2019 18:29:00
  • Last modified 21.11.2024 03:47:02

The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross s...