CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43949
https://notcve.org/view.php?id=CVE-2021-43949
10 Jan 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar objetos privados por medio de una vulnerabilidad de Control de Acceso Rotativo en la funcionalidad Custom Fields. Las... • https://jira.atlassian.com/browse/JSDSERVER-10982 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43951
https://notcve.org/view.php?id=CVE-2021-43951
10 Jan 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar los detalles de la configuración de importación de objetos por medio de una vulner... • https://jira.atlassian.com/browse/JSDSERVER-10984 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2021-43947
https://notcve.org/view.php?id=CVE-2021-43947
06 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos con privilegios de administrador... • https://jira.atlassian.com/browse/JRASERVER-73067 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43946
https://notcve.org/view.php?id=CVE-2021-43946
05 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados añadir grupos de administradores para filtrar suscripciones a través de una v... • https://jira.atlassian.com/browse/JRASERVER-73071 •
CVSS: 6.1EPSS: 8%CPEs: 2EXPL: 0CVE-2021-43942
https://notcve.org/view.php?id=CVE-2021-43942
04 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar H... • https://jira.atlassian.com/browse/JRASERVER-73068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41311
https://notcve.org/view.php?id=CVE-2021-41311
08 Dec 2021 — Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes con acceso a una cuenta de administrador a la que le es revocado el acceso, modific... • https://jira.atlassian.com/browse/JRASERVER-72802 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41309
https://notcve.org/view.php?id=CVE-2021-41309
08 Dec 2021 — Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario al que le es revocado el acceso a Jira Service Managem... • https://jira.atlassian.com/browse/JRASERVER-72803 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41312
https://notcve.org/view.php?id=CVE-2021-41312
03 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a un atacante remoto al que le ha sido revocado el acceso a Jira Service Management ha... • https://jira.atlassian.com/browse/JRASERVER-72801 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41310
https://notcve.org/view.php?id=CVE-2021-41310
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o Java... • https://jira.atlassian.com/browse/JRASERVER-72800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41313
https://notcve.org/view.php?id=CVE-2021-41313
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a los atacantes remotos autenticados pero no administradores editar las configuraciones de los lotes de correo electrónico a través de una v... • https://jira.atlassian.com/browse/JRASERVER-72898 • CWE-285: Improper Authorization •