Skip to main content

Jira Software Data Center

23 CVEs product

Monthly

CVE-2021-41311 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-41309 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41310 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-41308 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-41307 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41306 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Server Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41305 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira Jira Software Data Center
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-39127 MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-14178 HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-14174 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-14173 MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian Jira Jira Data Center +2
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14172 CRITICAL Act Now

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Deserialization Jira Jira Software Data Center
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-4029 MEDIUM This Month

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-4025 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-4024 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4022 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14169 MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14168 MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-14167 HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-14165 MEDIUM This Month

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-14164 MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4028 MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4021 MEDIUM This Month

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
1.0%
EPSS 1% CVSS 7.5
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Software Data Center
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Jira +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Jira +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Jira +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian +4
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Deserialization +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy