Логотип exploitDog
product: "jira"
Консоль
Логотип exploitDog

exploitDog

product: "jira"
Atlassian JIRA

Atlassian JIRAпрограммный продукт, разработанный Atlassian, который позволяет отслеживать ошибки, проблемы и гибкое управление проектами.

Релизный цикл, информация об уязвимостях

Продукт: Atlassian JIRA
Вендор: atlassian

График релизов

9.119.129.139.149.159.169.1710.010.110.210.310.410.510.610.711.0202320242025202620272028

Недавние уязвимости Atlassian JIRA

Количество 306

nvd логотип

CVE-2017-18104

около 7 лет назад

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.

CVSS3: 5.9
EPSS: Низкий
nvd логотип

CVE-2018-5232

около 7 лет назад

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2018-13387

около 7 лет назад

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2018-5231

больше 7 лет назад

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2018-5230

больше 7 лет назад

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

CVSS3: 6.1
EPSS: Средний
nvd логотип

CVE-2017-18101

больше 7 лет назад

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2017-18100

больше 7 лет назад

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2017-18098

больше 7 лет назад

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2017-18097

больше 7 лет назад

The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

CVSS3: 5.4
EPSS: Низкий
nvd логотип

CVE-2017-18039

больше 7 лет назад

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

CVSS3: 6.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2017-18104

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.

CVSS3: 5.9
0%
Низкий
около 7 лет назад
nvd логотип
CVE-2018-5232

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.

CVSS3: 6.1
0%
Низкий
около 7 лет назад
nvd логотип
CVE-2018-13387

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.

CVSS3: 6.1
0%
Низкий
около 7 лет назад
nvd логотип
CVE-2018-5231

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

CVSS3: 7.5
1%
Низкий
больше 7 лет назад
nvd логотип
CVE-2018-5230

The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.

CVSS3: 6.1
20%
Средний
больше 7 лет назад
nvd логотип
CVE-2017-18101

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

CVSS3: 6.5
0%
Низкий
больше 7 лет назад
nvd логотип
CVE-2017-18100

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

CVSS3: 6.1
0%
Низкий
больше 7 лет назад
nvd логотип
CVE-2017-18098

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

CVSS3: 6.1
0%
Низкий
больше 7 лет назад
nvd логотип
CVE-2017-18097

The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

CVSS3: 5.4
0%
Низкий
больше 7 лет назад
nvd логотип
CVE-2017-18039

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

CVSS3: 6.1
0%
Низкий
больше 7 лет назад

Уязвимостей на страницу

Поделиться