Логотип exploitDog
product: "jira"
Консоль
Логотип exploitDog

exploitDog

product: "jira"
Atlassian JIRA

Atlassian JIRAпрограммный продукт, разработанный Atlassian, который позволяет отслеживать ошибки, проблемы и гибкое управление проектами.

Релизный цикл, информация об уязвимостях

Продукт: Atlassian JIRA
Вендор: atlassian

График релизов

9.129.139.149.159.169.1710.010.110.210.310.410.510.610.711.011.1202320242025202620272028

Недавние уязвимости Atlassian JIRA

Количество 306

github логотип

GHSA-cp57-2f38-rjxg

больше 3 лет назад

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-ccfj-r436-q2hv

больше 3 лет назад

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-wh7h-qh97-7vjv

больше 3 лет назад

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-h89j-v7mh-22q2

больше 3 лет назад

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-jw47-mjcp-rx65

больше 3 лет назад

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

CVSS3: 7.5
EPSS: Критический
github логотип

GHSA-vp8g-cgfg-r7f6

больше 3 лет назад

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

CVSS3: 6.1
EPSS: Средний
github логотип

GHSA-pmwf-r7hc-gwpq

больше 3 лет назад

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
EPSS: Высокий
github логотип

GHSA-6jvq-7cj3-36wh

больше 3 лет назад

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
EPSS: Высокий
github логотип

GHSA-7p7w-89xm-52j5

больше 3 лет назад

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

CVSS3: 6.1
EPSS: Средний
github логотип

GHSA-9qx4-m255-p25g

больше 3 лет назад

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
github логотип
GHSA-cp57-2f38-rjxg

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-ccfj-r436-q2hv

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-wh7h-qh97-7vjv

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-h89j-v7mh-22q2

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

CVSS3: 8.1
1%
Низкий
больше 3 лет назад
github логотип
GHSA-jw47-mjcp-rx65

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

CVSS3: 7.5
93%
Критический
больше 3 лет назад
github логотип
GHSA-vp8g-cgfg-r7f6

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

CVSS3: 6.1
41%
Средний
больше 3 лет назад
github логотип
GHSA-pmwf-r7hc-gwpq

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
83%
Высокий
больше 3 лет назад
github логотип
GHSA-6jvq-7cj3-36wh

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS3: 5.3
83%
Высокий
больше 3 лет назад
github логотип
GHSA-7p7w-89xm-52j5

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

CVSS3: 6.1
59%
Средний
больше 3 лет назад
github логотип
GHSA-9qx4-m255-p25g

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад

Уязвимостей на страницу

Поделиться