Latest atlassian jira software data center Vulnerabilities

CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project ...
Atlassian Jira Software Data Center<8.19.1
CVE-2021-41311
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Bro...
Atlassian Jira Software Data Center<8.19.1
CVE-2021-41310
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Proj...
Atlassian Jira Software Data Center<8.5.19
Atlassian Jira Software Data Center>=8.6.0<8.13.11
Atlassian Jira Software Data Center>=8.14.0<8.19.1
CVE-2021-41305
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerabil...
Atlassian JIRA<8.13.12
Atlassian Jira Software Data Center<8.13.12
CVE-2021-41307
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (ID...
Atlassian JIRA<8.13.12
Atlassian Jira Server>=8.14.0<8.20.0
Atlassian Jira Software Data Center<8.13.12
Atlassian Jira Software Data Center>=8.14.0<8.20.0
CVE-2021-41306
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in th...
Atlassian JIRA<8.13.12
Atlassian Jira Server>=8.14.0<8.20.0
Atlassian Jira Software Data Center<8.13.12
Atlassian Jira Software Data Center>=8.14.0<8.20.0
CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in...
Atlassian JIRA<8.6.0
Atlassian Jira Data Center>=8.7.0<8.13.12
Atlassian Jira Server>=8.7.0<8.13.12
Atlassian Jira Server>=8.14.0<8.20.1
Atlassian Jira Software Data Center<8.6.0
Atlassian Jira Software Data Center>=8.14.0<8.20.1
CVE-2021-39127
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affec...
Atlassian JIRA<8.5.10
Atlassian Jira Data Center>=8.6.0<8.13.1
Atlassian Jira Server>=8.6.0<8.13.1
Atlassian Jira Software Data Center<8.5.10
CVE-2020-36236
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa ...
Atlassian JIRA<8.5.11
Atlassian Jira Data Center>=8.6.0<8.13.3
Atlassian Jira Server>=8.6.0<8.13.3
Atlassian Jira Server>=8.14.0<8.15.0
Atlassian Jira Software Data Center<8.5.11
Atlassian Jira Software Data Center>=8.14.0<8.15.0
CVE-2020-36235
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile si...
Atlassian JIRA<8.13.2
Atlassian Jira Server>=8.14.0<8.14.1
Atlassian Jira Software Data Center<8.13.2
Atlassian Jira Software Data Center>=8.14.0<8.14.1
CVE-2020-14178
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected...
Atlassian JIRA<7.13.7
Atlassian Jira Data Center>=8.0.0<8.5.8
Atlassian Jira Data Center>=8.6.0<8.12.0
Atlassian Jira Server>=8.0.0<8.5.8
Atlassian Jira Server>=8.6.0<8.12.0
Atlassian Jira Software Data Center<7.13.7
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administratio...
Atlassian JIRA<7.13.16
Atlassian Jira Data Center>=8.0.0<8.5.7
Atlassian Jira Data Center>=8.6.0<8.9.2
Atlassian Jira Data Center=8.10.0
Atlassian Jira Server>=8.0.0<8.5.7
Atlassian Jira Server>=8.6.0<8.9.2
and 2 more
CVE-2019-20899
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affect...
Atlassian JIRA<8.5.4
Atlassian Jira Data Center>=8.5.5<8.6.1
Atlassian Jira Data Center>=8.6.2<8.7.0
Atlassian Jira Server>=8.5.5<8.6.1
Atlassian Jira Server>=8.6.2<8.7.0
Atlassian Jira Software Data Center<8.5.4
CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions ar...
Atlassian JIRA<8.8.0
Atlassian Jira Software Data Center<8.8.0
CVE-2019-20897
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before ve...
Atlassian JIRA<8.5.4
Atlassian Jira Data Center>=8.6.0<8.6.2
Atlassian Jira Data Center>=8.7.0<8.7.1
Atlassian Jira Server>=8.6.0<8.6.2
Atlassian Jira Server>=8.7.0<8.7.1
Atlassian Jira Software Data Center<8.5.4
CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atla...
Atlassian JIRA<7.13.0
Atlassian JIRA>=8.0.0<8.5.0
Atlassian JIRA>=8.6.0<8.8.1
Atlassian Jira Software Data Center<7.13.0
Atlassian Jira Software Data Center>=8.0.0<8.5.0
Atlassian Jira Software Data Center>=8.6.0<8.8.1
CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The...
Atlassian JIRA<8.5.4
Atlassian Jira Data Center>=8.6.0<8.6.2
Atlassian Jira Data Center>=8.7.0<8.7.1
Atlassian Jira Server>=8.6.0<8.6.2
Atlassian Jira Server>=8.7.0<8.7.1
Atlassian Jira Software Data Center<8.5.4
CVE-2020-14169
Atlassian JIRA<8.9.1
Atlassian Jira Software Data Center<8.9.1
CVE-2020-4022
Atlassian JIRA<8.5.5
Atlassian Jira Data Center>=8.6.0<8.8.2
Atlassian Jira Data Center>=8.9.0<8.9.1
Atlassian Jira Server>=8.6.0<8.8.2
Atlassian Jira Server>=8.9.0<8.9.1
Atlassian Jira Software Data Center<8.5.5
CVE-2020-4029
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enu...
Atlassian JIRA<8.5.5
Atlassian Jira Data Center>=8.6.0<8.7.2
Atlassian Jira Data Center>=8.8.0<8.8.1
Atlassian Jira Server>=8.6.0<8.7.2
Atlassian Jira Server>=8.8.0<8.8.1
Atlassian Jira Software Data Center<8.5.5
CVE-2020-4024
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or Jav...
Atlassian JIRA<8.5.5
Atlassian Jira Data Center>=8.6.0<8.8.2
Atlassian Jira Data Center>=8.9.0<8.9.1
Atlassian Jira Server>=8.6.0<8.8.2
Atlassian Jira Server>=8.9.0<8.9.1
Atlassian Jira Software Data Center<8.5.5
CVE-2020-14164
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by ...
Atlassian JIRA<8.8.2
Atlassian Jira Software Data Center<8.8.2
CVE-2020-14165
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper aut...
Atlassian JIRA<8.9.0
Atlassian Jira Software Data Center<8.9.0
CVE-2020-14168
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails ...
Atlassian JIRA<7.13.14
Atlassian Jira Data Center>=8.5.0<8.5.5
Atlassian Jira Data Center>=8.8.0<8.8.2
Atlassian Jira Data Center>=8.9.0<8.9.1
Atlassian Jira Server>=8.5.0<8.5.5
Atlassian Jira Server>=8.8.0<8.8.2
and 2 more
CVE-2019-20415
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions...
Atlassian JIRA<7.13.3
Atlassian Jira Data Center>=8.0.0<8.1.0
Atlassian Jira Server>=8.0.0<8.1.0
Atlassian Jira Software Data Center<7.13.3
CVE-2019-20416
Atlassian JIRA<8.3.0
Atlassian Jira Software Data Center<8.3.0
CVE-2019-20414
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search....
Atlassian JIRA<7.13.9
Atlassian Jira Data Center>=8.0.0<8.4.2
Atlassian Jira Server>=8.0.0<8.4.2
Atlassian Jira Software Data Center<7.13.9
CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affe...
Atlassian JIRA<7.6.17
Atlassian Jira Data Center>=7.7.0<7.13.9
Atlassian Jira Data Center>=8.0.0<8.4.2
Atlassian Jira Server>=7.7.0<7.13.9
Atlassian Jira Server>=8.0.0<8.4.2
Atlassian Jira Software Data Center<7.6.17
CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerabil...
Atlassian JIRA<7.13.9
Atlassian Jira Data Center>=8.0.0<8.4.2
Atlassian Jira Server>=8.0.0<8.4.2
Atlassian Jira Software Data Center<7.13.9
CVE-2019-20413
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa pag...
Atlassian JIRA<7.13.9
Atlassian Jira Data Center>=8.0.0<8.4.2
Atlassian Jira Server>=8.0.0<8.4.2
Atlassian Jira Software Data Center<7.13.9
CVE-2019-20409
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a serv...
Atlassian JIRA<8.8.0
Atlassian Jira Software Data Center<8.8.0
CVE-2020-4021
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)...
Atlassian JIRA<7.13.16
Atlassian Jira Data Center>=8.0.0<8.5.5
Atlassian Jira Data Center>=8.6.0<8.8.1
Atlassian Jira Server>=8.0.0<8.5.5
Atlassian Jira Server>=8.6.0<8.8.1
Atlassian Jira Software Data Center<7.13.16
CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper...
Atlassian JIRA<8.6.0
Atlassian Jira Software Data Center<8.6.0
CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket...
Atlassian JIRA<7.13.12
Atlassian Jira Data Center>=8.0.0<8.5.4
Atlassian Jira Data Center=8.6.0
Atlassian Jira Server>=8.0.0<8.5.4
Atlassian Jira Server=8.6.0
Atlassian Jira Software Data Center<7.13.12
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind which did not have entity expansion secured properly making it vulnerable to XML external entity (XXE). This vulnerability is similar to <a href="https:...
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00002.1.el6ea
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 147 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203