CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39128
https://notcve.org/view.php?id=CVE-2021-39128
16 Sep 2021 — Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. Unas versiones afectadas de Atlassian Jira Server o Data Center usando el complemento Jira Service Management permiten a atacan... • https://jira.atlassian.com/browse/JRASERVER-72804 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39116
https://notcve.org/view.php?id=CVE-2021-39116
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos impactar en la disponibilidad de la aplicación a través de una vulnerabilidad de denegación de servicio (DoS) en el component... • https://jira.atlassian.com/browse/JRASERVER-72738 •
CVSS: 5.3EPSS: 94%CPEs: 6EXPL: 5CVE-2021-26086 – Atlassian Jira Server and Data Center Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-26086
16 Aug 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos leer archivos particulares por medio de una vulnerabilidad de salto de ruta en el endpoint /WEB-INF/web.xml. Las versione... • https://packetstorm.news/files/id/164405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-26080
https://notcve.org/view.php?id=CVE-2021-26080
07 Jun 2021 — EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. El archivo EditworkflowScheme.jspa en Jira Server y Jira Data Center versiones anteriores a 8.5.14, y desde versiones 8.6.0 anteriores a versiones 8.13.6, y desde versiones 8.14.0 anteriores a 8.16.1, permite a atacantes remotos inyectar HTML... • https://jira.atlassian.com/browse/JRASERVER-72432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14185
https://notcve.org/view.php?id=CVE-2020-14185
15 Oct 2020 — Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. Las versiones afectadas de Jira Server permiten a atacantes remotos no autenticados enumerar las claves de emisión por medio de una falta de comprobación de permisos en el recurso ActionsAndOperations. Las versiones afectadas... • https://jira.atlassian.com/browse/JRASERVER-71696 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-14177
https://notcve.org/view.php?id=CVE-2020-14177
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos afectar la disponibilidad de la aplicación por medio de u... • https://jira.atlassian.com/browse/JRASERVER-71388 •
CVSS: 5.3EPSS: 92%CPEs: 4EXPL: 4CVE-2020-14179
https://notcve.org/view.php?id=CVE-2020-14179
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos no autenticados visualizar nombres de campos personalizados y nombres de SLA personalizad... • https://github.com/c0brabaghdad1/CVE-2020-14179 •
CVSS: 5.3EPSS: 94%CPEs: 6EXPL: 7CVE-2020-14181 – Atlassian JIRA 8.11.1 - User Enumeration
https://notcve.org/view.php?id=CVE-2020-14181
17 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario no autenticado enumere usuarios por medio de una vulnerabilidad de divulgación de información en el endpoint /ViewUs... • https://packetstorm.news/files/id/181035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2020-14178
https://notcve.org/view.php?id=CVE-2020-14178
01 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos enumerar las claves de proyecto por medio de una vulnerabilidad de Divulgación de Información en el endpoint /br... • https://jira.atlassian.com/browse/JRASERVER-71498 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14174
https://notcve.org/view.php?id=CVE-2020-14174
13 Jul 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos visualizar títulos de un proyecto privado po... • https://jira.atlassian.com/browse/JRASERVER-71275 • CWE-639: Authorization Bypass Through User-Controlled Key •