CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26070
https://notcve.org/view.php?id=CVE-2021-26070
22 Mar 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. Versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos evadir una protección detrás del firewall de los recursos app-linked por medio de una vulnerabilidad de Auten... • https://jira.atlassian.com/browse/JRASERVER-72029 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-36232
https://notcve.org/view.php?id=CVE-2020-36232
22 Feb 2021 — The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. La clase MessageBundleWhiteList de atlassian-gadgets versiones anteriores a 4.2.37, desde versiones ... • https://jira.atlassian.com/browse/JRASERVER-72025 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-29451
https://notcve.org/view.php?id=CVE-2020-29451
15 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos enumerar proyectos de Jira por medio de una vulnerabilidad de divulgación de información en la página de... • https://jira.atlassian.com/browse/JRASERVER-72000 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36237
https://notcve.org/view.php?id=CVE-2020-36237
14 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados visualizar opciones de campo personalizadas por medio de una vulnerabilidad de divulgación de información en el endpoint /rest/api/2/cus... • https://jira.atlassian.com/browse/JRASERVER-72064 •