Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jira_server
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 133 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-13 | CVE-2018-20232 | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | Jira, Jira_server | 5.4 | ||
| 2019-04-30 | CVE-2019-3399 | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | Jira, Jira_server | 7.5 | ||
| 2019-05-22 | CVE-2019-3401 | The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | Jira, Jira_server | 5.3 | ||
| 2019-05-22 | CVE-2019-3402 | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | Jira, Jira_server | 6.1 | ||
| 2019-05-22 | CVE-2019-3403 | The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | Jira, Jira_server | 5.3 | ||
| 2019-08-13 | CVE-2019-8448 | The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | Jira_server | 5.3 | ||
| 2019-08-23 | CVE-2019-11585 | The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | Jira, Jira_server | 6.1 | ||
| 2019-08-23 | CVE-2019-11586 | The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | Jira, Jira_server | 4.3 | ||
| 2019-08-23 | CVE-2019-11587 | Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | Jira, Jira_server | 6.5 | ||
| 2019-08-23 | CVE-2019-11588 | The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | Jira, Jira_server | 4.3 |