
exploitDog

product: "jira"
Atlassian JIRA

Atlassian JIRA is a software product developed by Atlassian for bug tracking, issue tracking, and agile project management.

Release cycle and vulnerability information

Product: Atlassian JIRA
Vendor: atlassian

Release schedule

[Release timeline chart: versions 9.10, 9.11, 9.12, 9.13, 9.14, 9.15, 9.16, 9.17, 10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7; time axis 2023 to 2028]

Recent Atlassian JIRA vulnerabilities

Count: 305

GHSA-ccfj-r436-q2hv

about 3 years ago

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

CVSS3: 5.4
EPSS: Low

GHSA-cp57-2f38-rjxg

about 3 years ago

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

CVSS3: 4.3
EPSS: Low

GHSA-wh7h-qh97-7vjv

about 3 years ago

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

CVSS3: 6.5
EPSS: Low

GHSA-h89j-v7mh-22q2

about 3 years ago

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

CVSS3: 8.1
EPSS: Low

GHSA-jw47-mjcp-rx65

about 3 years ago

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

CVSS3: 7.5
EPSS: Critical

GHSA-6jvq-7cj3-36wh

about 3 years ago

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
EPSS: High

GHSA-pmwf-r7hc-gwpq

about 3 years ago

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
EPSS: High

GHSA-vp8g-cgfg-r7f6

about 3 years ago

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

CVSS3: 6.1
EPSS: Medium

GHSA-7p7w-89xm-52j5

about 3 years ago

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

CVSS3: 6.1
EPSS: Medium

GHSA-9qx4-m255-p25g

about 3 years ago

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

CVSS3: 7.5
EPSS: Low

| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-ccfj-r436-q2hv | CVSS3: 5.4 | 0% (Low) | about 3 years ago |
| GHSA-cp57-2f38-rjxg | CVSS3: 4.3 | 0% (Low) | about 3 years ago |
| GHSA-wh7h-qh97-7vjv | CVSS3: 6.5 | 1% (Low) | about 3 years ago |
| GHSA-h89j-v7mh-22q2 | CVSS3: 8.1 | 1% (Low) | about 3 years ago |
| GHSA-jw47-mjcp-rx65 | CVSS3: 7.5 | 93% (Critical) | about 3 years ago |
| GHSA-6jvq-7cj3-36wh | CVSS3: 5.3 | 83% (High) | about 3 years ago |
| GHSA-pmwf-r7hc-gwpq | CVSS3: 5.3 | 83% (High) | about 3 years ago |
| GHSA-vp8g-cgfg-r7f6 | CVSS3: 6.1 | 33% (Medium) | about 3 years ago |
| GHSA-7p7w-89xm-52j5 | CVSS3: 6.1 | 46% (Medium) | about 3 years ago |
| GHSA-9qx4-m255-p25g | CVSS3: 7.5 | 1% (Low) | about 3 years ago |
