Atlassian

Jira

142 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2020-4025

  • EPSS 0.34%
  • Veröffentlicht 01.07.2020 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:10

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inje...

4.3

CVE-2020-4029

  • EPSS 0.39%
  • Veröffentlicht 01.07.2020 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:11

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization...

5.3

CVE-2019-20408

  • EPSS 0.31%
  • Veröffentlicht 01.07.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:24

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist ...

6.1

CVE-2020-14164

  • EPSS 0.39%
  • Veröffentlicht 01.07.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:46

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.

5.3

CVE-2020-14165

  • EPSS 0.3%
  • Veröffentlicht 01.07.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:47

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.

7.5

CVE-2020-14167

  • EPSS 0.92%
  • Veröffentlicht 01.07.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:47

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of S...

5.9

CVE-2020-14168

  • EPSS 0.39%
  • Veröffentlicht 01.07.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:47

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via ma...

4.3

CVE-2019-20415

  • EPSS 0.23%
  • Veröffentlicht 30.06.2020 03:15:09
  • Zuletzt bearbeitet 21.11.2024 04:38:25

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0...

4.8

CVE-2019-20416

  • EPSS 0.25%
  • Veröffentlicht 30.06.2020 03:15:09
  • Zuletzt bearbeitet 21.11.2024 04:38:25

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3...

5.4

CVE-2019-20414

  • EPSS 0.4%
  • Veröffentlicht 29.06.2020 07:15:09
  • Zuletzt bearbeitet 21.11.2024 04:38:25

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, ...