CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39116
https://notcve.org/view.php?id=CVE-2021-39116
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos impactar en la disponibilidad de la aplicación a través de una vulnerabilidad de denegación de servicio (DoS) en el component... • https://jira.atlassian.com/browse/JRASERVER-72738 •
CVSS: 5.3EPSS: 94%CPEs: 6EXPL: 5CVE-2021-26086 – Atlassian Jira Server and Data Center Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-26086
16 Aug 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos leer archivos particulares por medio de una vulnerabilidad de salto de ruta en el endpoint /WEB-INF/web.xml. Las versione... • https://packetstorm.news/files/id/164405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-26080
https://notcve.org/view.php?id=CVE-2021-26080
07 Jun 2021 — EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. El archivo EditworkflowScheme.jspa en Jira Server y Jira Data Center versiones anteriores a 8.5.14, y desde versiones 8.6.0 anteriores a versiones 8.13.6, y desde versiones 8.14.0 anteriores a 8.16.1, permite a atacantes remotos inyectar HTML... • https://jira.atlassian.com/browse/JRASERVER-72432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-14177
https://notcve.org/view.php?id=CVE-2020-14177
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos afectar la disponibilidad de la aplicación por medio de u... • https://jira.atlassian.com/browse/JRASERVER-71388 •
CVSS: 5.3EPSS: 92%CPEs: 4EXPL: 4CVE-2020-14179
https://notcve.org/view.php?id=CVE-2020-14179
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos no autenticados visualizar nombres de campos personalizados y nombres de SLA personalizad... • https://github.com/c0brabaghdad1/CVE-2020-14179 •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2019-20419
https://notcve.org/view.php?id=CVE-2019-20419
03 Jul 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos ejecutar código arbitrario por medio de una vulnerabilidad de secuestro de DLL en Tomcat. Las versiones afectadas son las versiones anteriores a 8.5.5 y desde la versión 8.6.0 anter... • https://jira.atlassian.com/browse/JRASERVER-70945 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 23%CPEs: 12EXPL: 0CVE-2019-15001 – Jira Server / Data Center Template Injection
https://notcve.org/view.php?id=CVE-2019-15001
19 Sep 2019 — The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. El plugin Jira Importers en Atlassian Jira Server y Data Cente desde la versión 7.0.10 anterior a 7.6.16, desde ... • http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 94%CPEs: 1EXPL: 4CVE-2019-8451
https://notcve.org/view.php?id=CVE-2019-8451
11 Sep 2019 — The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. El recurso /plugins/servlet/gadgets/makeRequest en Jira versiones anteriores a 8.4.0, permite a atacantes remotos acceder al contenido de recursos de la red interna por medio de una vulnerabilidad de tipo Server Side Request Forgery (SSRF) debido a un err... • https://github.com/jas502n/CVE-2019-8451 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14998
https://notcve.org/view.php?id=CVE-2019-14998
11 Sep 2019 — The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. La implementación de la protección de Cross-Site Request Forgery (CSRF) de una acción de Webwork en Jira versiones anteriores a 8.4.0, permite a atacantes remotos omitir su protección mediante el "cookie tossing" de una cookie CSRF desde un subdominio de una instancia de Jira. • https://jira.atlassian.com/browse/JRASERVER-69791 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 2CVE-2019-14995
https://notcve.org/view.php?id=CVE-2019-14995
11 Sep 2019 — The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. El recurso /rest/api/1.0/render en Jira versiones anteriores a 8.4.0, permite a atacantes anónimos remotos determinar si existe un archivo adjunto con un nombre específico y si una clave de problema es válida mediante una falta de comprobación de permisos. • https://jira.atlassian.com/browse/JRASERVER-69792 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •