CVSS: 6.4EPSS: 11%CPEs: 2EXPL: 0CVE-2022-36801
https://notcve.org/view.php?id=CVE-2022-36801
10 Aug 2022 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (RXSS) Reflejado en el endpoint TeamM... • https://jira.atlassian.com/browse/JRASERVER-73740 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 2%CPEs: 6EXPL: 0CVE-2022-36799
https://notcve.org/view.php?id=CVE-2022-36799
01 Aug 2022 — This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in veloc... • https://jira.atlassian.com/browse/JRASERVER-73582 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 93%CPEs: 12EXPL: 1CVE-2022-0540
https://notcve.org/view.php?id=CVE-2022-0540
20 Apr 2022 — A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. Una vulnerabilidad en... • https://github.com/Pear1y/CVE-2022-0540-RCE • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43944
https://notcve.org/view.php?id=CVE-2021-43944
08 Mar 2022 — This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Este problema se presenta para documentar q... • https://jira.atlassian.com/browse/JRASERVER-73072 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43941
https://notcve.org/view.php?id=CVE-2021-43941
15 Feb 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos modificar varios recursos (incluyendo CsvFieldMappingsPage.jspa ... • https://jira.atlassian.com/browse/JRASERVER-73073 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43952
https://notcve.org/view.php?id=CVE-2021-43952
15 Feb 2022 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados restaurar la configuración por defecto de los campos por medio de una vulnerabilidad de tipo Cross-Site ... • https://jira.atlassian.com/browse/JRASERVER-73138 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43946
https://notcve.org/view.php?id=CVE-2021-43946
05 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados añadir grupos de administradores para filtrar suscripciones a través de una v... • https://jira.atlassian.com/browse/JRASERVER-73071 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41313
https://notcve.org/view.php?id=CVE-2021-41313
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una v... • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39126
https://notcve.org/view.php?id=CVE-2021-39126
21 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos modificar varios recursos a través de una vulnerabili... • https://jira.atlassian.com/browse/JRASERVER-71806 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39128
https://notcve.org/view.php?id=CVE-2021-39128
16 Sep 2021 — Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. Unas versiones afectadas de Atlassian Jira Server o Data Center usando el complemento Jira Service Management permiten a atacan... • https://jira.atlassian.com/browse/JRASERVER-72804 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •