Atlassian JIRA — программный продукт, разработанный Atlassian, который позволяет отслеживать ошибки, проблемы и гибкое управление проектами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 306
CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.
CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.
CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
CVE-2016-4319
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2016-4318
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVE-2016-6285
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-16863 The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
| CVE-2017-18033 The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | CVSS3: 6.5 | 0% Низкий | больше 7 лет назад |
| CVE-2017-16865 The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | CVSS3: 5.3 | 0% Низкий | больше 7 лет назад |
| CVE-2017-16864 The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
| CVE-2017-16862 The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | CVSS3: 4.3 | 0% Низкий | больше 7 лет назад |
| CVE-2017-14594 The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
| CVE-2017-5983 The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | CVSS3: 9.8 | 5% Низкий | больше 8 лет назад |
| CVE-2016-4319 Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | CVSS3: 8.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-4318 Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | CVSS3: 4.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-6285 Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | CVSS3: 6.1 | 1% Низкий | больше 8 лет назад |
Уязвимостей на страницу