Atlassian Jira Software Data Center vulnerabilities
45 known vulnerabilities affecting atlassian/jira_software_data_center.
Total CVEs: 45
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 30
Vulnerabilities
Page 3 of 3
CVE-2019-20409 | CRITICAL | CVSS 9.8 | CWE-74 | fixed in 8.8.0 | 2020-06-23
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
nvd
CVE-2020-4028 | MEDIUM | CVSS 5.3 | CWE-203 | fixed in 8.9.1 | 2020-06-23
In versions before 8.9.1, various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page. In some situations this may have allowed unauthorised attackers to determine whether certain resources exist through an information disclosure vulnerability.
nvd
CVE-2020-4021 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 7.13.16 | 2020-06-01
Atlassian Jira Server and Data Center versions before 8.5.5, and from 8.6.0 before 8.8.1, allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the XML export view.
nvd
CVE-2019-20402 | MEDIUM | CVSS 4.9 | fixed in 8.6.0 | 2020-02-06
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
nvd
CVE-2019-20106 | MEDIUM | CVSS 4.3 | CWE-276 | fixed in 7.13.12 | 2020-02-06
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and from 8.6.0 before version 8.6.1 allow remote attackers to comment on a ticket for which they do not have commenting permissions via a broken access control bug.
nvd