Atlassian JIRA

Atlassian JIRA is a software product developed by Atlassian for tracking bugs and issues and for agile project management.

Release cycle and vulnerability information

Product: Atlassian JIRA
Vendor: atlassian

Release schedule

[Chart: release timeline for versions 9.10, 9.11, 9.12, 9.13, 9.14, 9.15, 9.16, 9.17, 10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6 and 10.7 across the years 2023 to 2028]

Recent Atlassian JIRA vulnerabilities

Count: 305


CVE-2020-14184 (NVD)

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 4 years ago

CVE-2020-14183 (NVD)

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.

CVSS3: 4.3
EPSS: 0% (Low)
Published: more than 4 years ago

BDU:2021-01858 (FSTEC)

Vulnerability in the filter when exporting a file in the Jira issue tracking system, allowing an attacker to conduct cross-site scripting attacks.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 4 years ago

CVE-2020-14181 (NVD)

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

CVSS3: 5.3
EPSS: 94% (Critical)
Published: almost 5 years ago

BDU:2020-04776 (FSTEC)

Vulnerability in the /ViewUserHover.jspa component of the Jira issue tracking system, allowing an attacker to disclose user credentials.

CVSS3: 5.3
EPSS: 94% (Critical)
Published: almost 5 years ago

CVE-2020-14178 (NVD)

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.

CVSS3: 7.5
EPSS: 1% (Low)
Published: almost 5 years ago

CVE-2020-14174 (NVD)

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.

CVSS3: 4.3
EPSS: 0% (Low)
Published: almost 5 years ago

CVE-2019-20901 (NVD)

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

CVSS3: 6.1
EPSS: 0% (Low)
Published: almost 5 years ago

CVE-2019-20899 (NVD)

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.

CVSS3: 5.3
EPSS: 1% (Low)
Published: almost 5 years ago

CVE-2019-20898 (NVD)

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.

CVSS3: 7.5
EPSS: 0% (Low)
Published: almost 5 years ago
