Skip to main content

Jira

89 CVEs product

Monthly

CVE-2026-1662 HIGH This Week

Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Gitlab Jira Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22892 Go MEDIUM PATCH This Month

Mattermost versions 11.1.2, 10.11.9, and 11.2.1 and earlier fail to properly enforce access controls in the Jira plugin's /create-issue API endpoint, allowing authenticated users to read restricted post content and attachments from channels they cannot access by referencing post IDs. An attacker with Jira plugin access can exploit this to enumerate and exfiltrate sensitive information from private or restricted channels. No patch is currently available for affected versions.

Jira Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1466 MEDIUM PATCH This Month

Jirafeau's MIME type validation can be bypassed by sending crafted HTTP requests with invalid MIME types, allowing attackers to trigger browser-based MIME sniffing that may execute malicious JavaScript embedded in SVG or HTML files. An unauthenticated remote attacker can exploit this through a simple network request requiring user interaction to view a malicious preview. A patch is available and the vulnerability affects Jirafeau and related products.

Jira XSS Jirafeau
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57681 MEDIUM POC This Month

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. [CVSS 5.4 MEDIUM]

Jira XSS Worklogpro
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-67824 MEDIUM This Month

WorklogPRO - Jira Timesheets plugin in the Jira Data Center versions up to 4.24.2 is affected by cross-site scripting (xss) (CVSS 6.1).

Jira XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-49673 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Neuvector Vulnerability Scanner Jira Google Compute Engine +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49653 Maven MEDIUM PATCH This Month

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29041 Maven MEDIUM PATCH This Month

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jenkins Jira
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-41312 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41308 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41307 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41306 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41305 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41304 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39127 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-39125 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39124 MEDIUM This Month

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Data Center Jira
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-39123 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Data Center Jira
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-39118 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39122 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39121 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-39119 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39117 MEDIUM This Month

The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Data Center Jira
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-39113 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-39111 MEDIUM This Month

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-39112 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-26083 MEDIUM PATCH This Month

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-26082 MEDIUM PATCH This Month

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-26081 MEDIUM PATCH This Month

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-26079 MEDIUM PATCH This Month

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-26078 MEDIUM POC PATCH This Month

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Atlassian Data Center Jira Jira Server
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.0%
CVE-2021-26076 LOW PATCH Monitor

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2021-26075 MEDIUM PATCH This Month

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-26071 LOW PATCH Monitor

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Atlassian Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
3.5
EPSS
0.5%
CVE-2021-26070 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center Jira Jira Server
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-26069 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center Jira Jira Data Center +1
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2020-14185 MEDIUM This Month

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-14184 MEDIUM This Month

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14183 MEDIUM This Month

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-14181 MEDIUM POC THREAT This Month

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.6%
CVE-2020-14178 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-14174 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-14173 MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian Jira Jira Data Center +2
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14172 CRITICAL Act Now

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Deserialization Jira Jira Software Data Center
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-4029 MEDIUM This Month

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-4025 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-4024 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4022 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14169 MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14168 MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-14167 HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-14165 MEDIUM This Month

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-14164 MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4028 MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4021 MEDIUM This Month

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-15013 MEDIUM This Month

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-16541 Maven CRITICAL PATCH Act Now

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Jira
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2019-15005 MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support Bamboo Bitbucket +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-8449 MEDIUM POC THREAT This Month

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Information Disclosure Jira
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
84.8%
CVE-2019-11588 MEDIUM This Month

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-11587 MEDIUM This Month

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-11586 MEDIUM This Month

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-11585 MEDIUM This Month

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-11584 MEDIUM This Month

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-11583 MEDIUM This Month

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-8443 HIGH This Week

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2019-8442 HIGH POC THREAT This Week

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Server
NVD
CVSS 3.1
7.5
EPSS
59.8%
CVE-2019-3403 MEDIUM POC THREAT This Month

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
52.6%
CVE-2019-3402 MEDIUM POC This Month

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
8.9%
CVE-2019-3401 MEDIUM POC THREAT This Month

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
12.7%
CVE-2019-3399 HIGH This Week

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-13402 MEDIUM This Month

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-13401 MEDIUM This Month

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-13400 MEDIUM This Month

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Atlassian Jira Jira Server
NVD
CVSS 3.0
4.7
EPSS
1.4%
CVE-2018-13395 MEDIUM This Month

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13391 MEDIUM This Month

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Server
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-5232 MEDIUM This Month

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13387 MEDIUM This Month

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-5231 HIGH This Week

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Server
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-5230 MEDIUM POC THREAT This Month

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
37.6%
CVE-2017-5983 CRITICAL POC Act Now

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization RCE Java Atlassian +1
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2016-4319 HIGH This Week

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Jira
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4318 MEDIUM This Month

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2016-6285 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2014-2314 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 65.8%.

Path Traversal Atlassian Jira
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
65.8%
Threat
4.3
CVE-2014-2313 MEDIUM This Month

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Atlassian Jira
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5319 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian XSS Jira
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-2928 MEDIUM This Month

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Atlassian Jira Gliffy +1
NVD
CVSS 2.0
6.4
EPSS
1.9%
CVE-2012-2926 CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo Confluence Confluence Server +4
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
67.6%
Threat
5.3
EPSS 0% CVSS 7.5
HIGH This Week

Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Gitlab Jira Denial Of Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost versions 11.1.2, 10.11.9, and 11.2.1 and earlier fail to properly enforce access controls in the Jira plugin's /create-issue API endpoint, allowing authenticated users to read restricted post content and attachments from channels they cannot access by referencing post IDs. An attacker with Jira plugin access can exploit this to enumerate and exfiltrate sensitive information from private or restricted channels. No patch is currently available for affected versions.

Jira Mattermost Server Suse
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Jirafeau's MIME type validation can be bypassed by sending crafted HTTP requests with invalid MIME types, allowing attackers to trigger browser-based MIME sniffing that may execute malicious JavaScript embedded in SVG or HTML files. An unauthenticated remote attacker can exploit this through a simple network request requiring user interaction to view a malicious preview. A patch is available and the vulnerability affects Jirafeau and related products.

Jira XSS Jirafeau
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. [CVSS 5.4 MEDIUM]

Jira XSS Worklogpro
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

WorklogPRO - Jira Timesheets plugin in the Jira Data Center versions up to 4.24.2 is affected by cross-site scripting (xss) (CVSS 6.1).

Jira XSS
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Neuvector Vulnerability Scanner +3
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jenkins +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Atlassian Authentication Bypass Data Center +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Jira +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Atlassian Data Center +3
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Data Center +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlassian Data Center +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Data Center +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Data Center +3
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center +3
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Atlassian Data Center +3
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Atlassian Data Center +2
NVD Exploit-DB
EPSS 1% CVSS 3.7
LOW PATCH Monitor

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Atlassian Data Center +3
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Data Center +2
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Data Center +3
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira
NVD
EPSS 100% CVSS 5.3
MEDIUM POC THREAT This Month

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Information Disclosure Data Center +2
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian +4
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Deserialization +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira +1
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support +7
NVD
EPSS 85% CVSS 5.3
MEDIUM POC THREAT This Month

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Information Disclosure +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira
NVD
EPSS 3% CVSS 8.1
HIGH This Week

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Jira +1
NVD
EPSS 60% CVSS 7.5
HIGH POC THREAT This Week

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 53% CVSS 5.3
MEDIUM POC THREAT This Month

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira +1
NVD
EPSS 9% CVSS 6.1
MEDIUM POC This Month

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 13% CVSS 5.3
MEDIUM POC THREAT This Month

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Open Redirect +2
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Atlassian Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira +1
NVD
EPSS 38% CVSS 6.1
MEDIUM POC THREAT This Month

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization RCE +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Jira
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira
NVD
EPSS 66% 4.3 CVSS 4.3
MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 65.8%.

Path Traversal Atlassian Jira
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Atlassian Jira
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian XSS Jira
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Atlassian +3
NVD
EPSS 68% 5.3 CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo +6
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy