Atlassian - Jira Server CVE

Filtered by vendor Atlassian Subscribe

Filtered by product Jira Server

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 11 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-14179	1 Atlassian	2 Jira Data Center, Jira Server	2022-07-27	5.0 MEDIUM	5.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
CVE-2018-20239	1 Atlassian	8 Application Links, Confluence Data Center, Confluence Server and 5 more	2022-07-27	3.5 LOW	5.4 MEDIUM
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
CVE-2021-39127	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2022-07-12	5.0 MEDIUM	5.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
CVE-2021-43946	1 Atlassian	2 Jira Data Center, Jira Server	2022-07-12	4.0 MEDIUM	6.5 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.
CVE-2022-26135	1 Atlassian	3 Jira Data Center, Jira Server, Jira Service Management	2022-07-12	4.0 MEDIUM	6.5 MEDIUM
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
CVE-2021-43941	1 Atlassian	2 Jira Data Center, Jira Server	2022-06-10	4.3 MEDIUM	6.5 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2021-43952	1 Atlassian	2 Jira Data Center, Jira Server	2022-06-03	4.3 MEDIUM	4.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.
CVE-2021-26080	1 Atlassian	2 Jira Data Center, Jira Server	2022-05-05	4.3 MEDIUM	6.1 MEDIUM
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
CVE-2021-41313	1 Atlassian	2 Jira Data Center, Jira Server	2022-04-25	4.0 MEDIUM	4.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1.
CVE-2020-36289	1 Atlassian	4 Data Center, Jira, Jira Data Center and 1 more	2022-03-30	5.0 MEDIUM	5.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
CVE-2021-39125	1 Atlassian	3 Data Center, Jira, Jira Server	2022-03-25	5.0 MEDIUM	5.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

Vulnerabilities (CVE)

CVSS v3 Filter

Search