CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43946
https://notcve.org/view.php?id=CVE-2021-43946
05 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados añadir grupos de administradores para filtrar suscripciones a través de una v... • https://jira.atlassian.com/browse/JRASERVER-73071 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43942
https://notcve.org/view.php?id=CVE-2021-43942
04 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar H... • https://jira.atlassian.com/browse/JRASERVER-73068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41313
https://notcve.org/view.php?id=CVE-2021-41313
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una v... • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41308
https://notcve.org/view.php?id=CVE-2021-41308
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la c... • https://jira.atlassian.com/browse/JRASERVER-72940 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-41307
https://notcve.org/view.php?id=CVE-2021-41307
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados visualizar los nombres de los proyectos privados y los filtros ... • https://jira.atlassian.com/browse/JRASERVER-72916 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-41306
https://notcve.org/view.php?id=CVE-2021-41306
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos visualizar nombres privados de proyectos y filtros por medio de una vulnerabilidad Insecu... • https://jira.atlassian.com/browse/JRASERVER-72915 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41304
https://notcve.org/view.php?id=CVE-2021-41304
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o JavaScript arbitrarios a través de una vulnerabilidad de Cross-Sit... • https://jira.atlassian.com/browse/JRASERVER-72939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39128
https://notcve.org/view.php?id=CVE-2021-39128
16 Sep 2021 — Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. Unas versiones afectadas de Atlassian Jira Server o Data Center usando el complemento Jira Service Management permiten a atacan... • https://jira.atlassian.com/browse/JRASERVER-72804 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39122
https://notcve.org/view.php?id=CVE-2021-39122
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos visualizar los correos electrónicos de los usuarios por medio de una vulnerabilidad de divulgac... • https://jira.atlassian.com/browse/JRASERVER-72293 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39121
https://notcve.org/view.php?id=CVE-2021-39121
08 Sep 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados enumerar las claves de los proyectos privad... • https://jira.atlassian.com/browse/JRASERVER-72715 •