Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_data_center
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 78 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-29 | CVE-2019-20411 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server | 4.3 | ||
| 2020-06-29 | CVE-2019-20412 | The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
| 2020-06-29 | CVE-2019-20413 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 7.5 | ||
| 2020-06-29 | CVE-2019-20414 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.4 | ||
| 2020-06-30 | CVE-2019-20415 | Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 4.3 | ||
| 2020-07-13 | CVE-2019-20897 | The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 6.5 | ||
| 2020-07-13 | CVE-2019-20899 | The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. | Jira, Jira_data_center, Jira_server, Jira_software_data_center | 5.3 | ||
| 2020-07-13 | CVE-2019-20900 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0. | Jira_data_center, Jira_server | 4.8 |