Atlassian JIRA — программный продукт, разработанный Atlassian, который позволяет отслеживать ошибки, проблемы и гибкое управление проектами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 306
GHSA-qc68-5gff-qw5c
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
GHSA-wwhc-hp78-qq9x
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.
GHSA-344x-g5pc-f6x4
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.
GHSA-3qm4-89p4-vrg6
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
GHSA-3mvr-qcj7-4jj5
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
GHSA-7qc8-6vj6-vfrq
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
BDU:2022-02565
Уязвимость платформы веб-аутентификации Jira Seraph систем отслеживания ошибок и инцидентов Jira и Jira Service Managment, позволяющая нарушителю повысить свои привилегии
GHSA-m3p3-2gp6-ghq8
Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
CVE-2022-29041
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-29041
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-qc68-5gff-qw5c The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. | 1% Низкий | больше 3 лет назад | |
| GHSA-wwhc-hp78-qq9x Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. | 0% Низкий | больше 3 лет назад | |
| GHSA-344x-g5pc-f6x4 secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. | 0% Низкий | больше 3 лет назад | |
| GHSA-3qm4-89p4-vrg6 Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | 0% Низкий | больше 3 лет назад | |
| GHSA-3mvr-qcj7-4jj5 Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-7qc8-6vj6-vfrq Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | 0% Низкий | больше 3 лет назад | |
 | BDU:2022-02565 Уязвимость платформы веб-аутентификации Jira Seraph систем отслеживания ошибок и инцидентов Jira и Jira Service Managment, позволяющая нарушителю повысить свои привилегии | CVSS3: 10 | 92% Критический | больше 3 лет назад |
| GHSA-m3p3-2gp6-ghq8 Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin | CVSS3: 5.4 | 18% Средний | больше 3 лет назад |
 | CVE-2022-29041 Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS3: 5.4 | 18% Средний | больше 3 лет назад |
 | CVE-2022-29041 Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS3: 6.4 | 18% Средний | больше 3 лет назад |
Уязвимостей на страницу