Atlassian

Jira Data Center

79 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2019-20100

Exploit
  • EPSS 0.35%
  • Veröffentlicht 12.02.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:03

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from vers...

4.3

CVE-2019-20099

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.02.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:03

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious...

4.3

CVE-2019-20098

Exploit
  • EPSS 0.93%
  • Veröffentlicht 12.02.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:03

The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making maliciou...

4.3

CVE-2019-20405

  • EPSS 0.18%
  • Veröffentlicht 06.02.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:24

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

4.3

CVE-2019-20404

  • EPSS 1.05%
  • Veröffentlicht 06.02.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:24

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

5.3

CVE-2019-20403

  • EPSS 0.44%
  • Veröffentlicht 06.02.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:24

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

4.3

CVE-2019-20106

  • EPSS 0.51%
  • Veröffentlicht 06.02.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:04

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions ...

9

CVE-2019-15001

  • EPSS 12.03%
  • Veröffentlicht 19.09.2019 15:15:15
  • Zuletzt bearbeitet 21.11.2024 04:27:51

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote at...

5.4

CVE-2018-20239

  • EPSS 0.41%
  • Veröffentlicht 30.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:08

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cro...