Atlassian JIRA is a software product developed by Atlassian that provides bug tracking, issue tracking, and agile project management.
Release cycle, vulnerability information
Count: 305
Vulnerability | CVSS | EPSS | Published | |
---|---|---|---|---|
GHSA-v734-hjcr-pm54 The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | CVSS3: 4.3 | 0% Low | about 3 years ago | |
GHSA-7vh9-vmfj-h37x The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information. | CVSS3: 5.3 | 0% Low | about 3 years ago | |
GHSA-j5pf-67fx-vj74 The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | CVSS3: 6.5 | 0% Low | about 3 years ago | |
GHSA-w84x-75fx-fxm2 The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. | CVSS3: 6.1 | 0% Low | about 3 years ago | |
GHSA-r798-mxm8-76rv Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | CVSS3: 8.8 | 0% Low | about 3 years ago | |
GHSA-v45j-7q58-p636 Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | CVSS3: 4.8 | 0% Low | about 3 years ago | |
GHSA-xm63-47g5-8r8h The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | CVSS3: 6.1 | 0% Low | about 3 years ago | |
GHSA-c774-74r4-2fqx The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | CVSS3: 5.4 | 0% Low | about 3 years ago | |
GHSA-w89h-rg2q-xpj2 The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | CVSS3: 6.1 | 0% Low | about 3 years ago | |
GHSA-gh3c-5h89-f225 The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | CVSS3: 6.1 | 0% Low | about 3 years ago | |