CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20099
https://notcve.org/view.php?id=CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componte VerifyPopServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un ataque de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70606 https://www.tenable.com/security/research/tra-2020-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20098
https://notcve.org/view.php?id=CVE-2019-20098
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componente VerifySmtpServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un ataque de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70605 https://www.tenable.com/security/research/tra-2020-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20404
https://notcve.org/view.php?id=CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. La API en Atlassian Jira Server y Data Center antes de la versión 8.6.0, permite a atacantes remotos autenticados determinar los títulos de proyectos a los que no tienen acceso por medio de una vulnerabilidad de autorización inapropiada. • https://jira.atlassian.com/browse/JRASERVER-70569 •