CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41313
https://notcve.org/view.php?id=CVE-2021-41313
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una v... • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41308
https://notcve.org/view.php?id=CVE-2021-41308
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la c... • https://jira.atlassian.com/browse/JRASERVER-72940 • CWE-285: Improper Authorization •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39128
https://notcve.org/view.php?id=CVE-2021-39128
16 Sep 2021 — Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. Unas versiones afectadas de Atlassian Jira Server o Data Center usando el complemento Jira Service Management permiten a atacan... • https://jira.atlassian.com/browse/JRASERVER-72804 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39122
https://notcve.org/view.php?id=CVE-2021-39122
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos visualizar los correos electrónicos de los usuarios por medio de una vulnerabilidad de divulgac... • https://jira.atlassian.com/browse/JRASERVER-72293 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39121
https://notcve.org/view.php?id=CVE-2021-39121
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados enumerar las claves de los proyectos privad... • https://jira.atlassian.com/browse/JRASERVER-72715 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39116
https://notcve.org/view.php?id=CVE-2021-39116
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos impactar en la disponibilidad de la aplicación a través de una vulnerabilidad de denegación de servicio (DoS) en el component... • https://jira.atlassian.com/browse/JRASERVER-72738 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39111
https://notcve.org/view.php?id=CVE-2021-39111
30 Aug 2021 — The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. El plugin Editor en Atlassian Jira Server y Data Center versiones anteriores a 8.5.18, desde versiones 8.6.0 anteriores a 8.13.10, y desde versi... • https://jira.atlassian.com/browse/JRASERVER-72716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2021-39112
https://notcve.org/view.php?id=CVE-2021-39112
25 Aug 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos redirigir a usuarios a una URL maliciosa por medio de una vulnerabilida... • https://jira.atlassian.com/browse/JRASERVER-72433 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-1022: Use of Web Link to Untrusted Target with window.opener Access •
CVSS: 5.3EPSS: 94%CPEs: 6EXPL: 5CVE-2021-26086 – Atlassian Jira Server and Data Center Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-26086
16 Aug 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos leer archivos particulares por medio de una vulnerabilidad de salto de ruta en el endpoint /WEB-INF/web.xml. Las versione... • https://packetstorm.news/files/id/164405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 0CVE-2020-36239 – Jira Ehcache RMI Missing Authentication
https://notcve.org/view.php?id=CVE-2020-36239
27 Jul 2021 — Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to... • https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •