Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 38 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-20 | CVE-2021-26083 | Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | Data_center, Jira, Jira_data_center, Jira_server | 5.4 | ||
| 2021-08-30 | CVE-2021-39113 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. | Data_center, Jira, Jira_data_center, Jira_server | 7.5 | ||
| 2021-08-25 | CVE-2021-39112 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | Data_center, Jira, Jira_data_center, Jira_server | 4.8 | ||
| 2021-08-30 | CVE-2021-39111 | The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. | Data_center, Jira, Jira_data_center, Jira_server | 6.1 | ||
| 2021-09-08 | CVE-2021-39121 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | Data_center, Jira, Jira_data_center, Jira_server | 4.3 | ||
| 2021-09-08 | CVE-2021-39122 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | Data_center, Jira, Jira_data_center, Jira_server | 5.3 | ||
| 2021-10-26 | CVE-2021-41304 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. | Data_center, Jira, Jira_data_center, Jira_server | 6.1 | ||
| 2022-01-06 | CVE-2021-43947 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | Data_center, Jira, Jira_data_center, Jira_server | 7.2 | ||
| 2020-09-17 | CVE-2020-14181 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | Data_center, Jira, Jira_server | 5.3 | ||
| 2021-02-15 | CVE-2020-29451 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. | Data_center, Jira, Jira_server | 4.3 |