CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16865
https://notcve.org/view.php?id=CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. El importador Trello en Atlassian Jira, en versiones anteriores a la 7.6.1, permite que atacantes remotos accedan al contenido de recursos de red internos mediante Server Side Request Forgery (SSRF). Cuando se ejecuta en un entorno como Amazon EC2, este error puede emplearse para acceder a un recurso de metadatos que proporciona credenciales de acceso y otro tipo de información potencialmente confidencial. • https://jira.atlassian.com/browse/JRASERVER-66642 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16862
https://notcve.org/view.php?id=CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. El recurso IncomingMailServers en Atlassian Jira, en versiones anteriores a la 7.6.2, permite que atacantes remotos modifiquen la configuración de lista blanca "incoming mail" mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/102506 https://jira.atlassian.com/browse/JRASERVER-66622 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14594
https://notcve.org/view.php?id=CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. El recurso printable searchrequest issue en Atlassian Jira antes de la versión 7.2.12 y desde la versión 7.3.0 hasta la 7.6.1 permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro query de jqlQuery. • https://jira.atlassian.com/browse/JRASERVER-66495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16864
https://notcve.org/view.php?id=CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. El recurso issue search en Atlassian Jira, en versiones anteriores a la 7.4.2, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro orderby. • http://www.securityfocus.com/bid/102505 https://jira.atlassian.com/browse/JRASERVER-66624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4318
https://notcve.org/view.php?id=CVE-2016-4318
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene XSS en project/ViewDefaultProjectRoleActors.jspa a través de un nombre de función. • http://www.securityfocus.com/bid/97516 https://confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016 https://jira.atlassian.com/browse/JRA-61861 https://jira.atlassian.com/browse/JRASERVER-61861 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •