NotCVE - vendor:"Atlassian" product:"Jira Server" version:" >= 7.13.0

Page 3 of 45 results (0.001 seconds)

CVSS: 5.3EPSS: 2%CPEs: 2EXPL: 0

CVE-2019-20403

https://notcve.org/view.php?id=CVE-2019-20403

06 Feb 2020 — The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. La API en Atlassian Jira Server y Data Center antes de la versión 8.6.0, permite a atacantes remotos determinar si una clave de proyecto Jira existe o no por medio de una vulnerabilidad de divulgación de información. • https://jira.atlassian.com/browse/JRASERVER-70565 •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-20401

https://notcve.org/view.php?id=CVE-2019-20401

06 Feb 2020 — Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. Varios recursos de configuración de instalación en Jira antes de la versión 8.5.2, permiten a atacantes remotos configurar una instancia de Jira, que aún no ha terminado de ser instalada, por medio de vulnerabilidades de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70406 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0EPSS: 23%CPEs: 12EXPL: 0

CVE-2019-15001 – Jira Server / Data Center Template Injection

https://notcve.org/view.php?id=CVE-2019-15001

19 Sep 2019 — The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. El plugin Jira Importers en Atlassian Jira Server y Data Cente desde la versión 7.0.10 anterior a 7.6.16, desde ... • http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 94%CPEs: 1EXPL: 4

CVE-2019-8451

https://notcve.org/view.php?id=CVE-2019-8451

11 Sep 2019 — The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. El recurso /plugins/servlet/gadgets/makeRequest en Jira versiones anteriores a 8.4.0, permite a atacantes remotos acceder al contenido de recursos de la red interna por medio de una vulnerabilidad de tipo Server Side Request Forgery (SSRF) debido a un err... • https://github.com/jas502n/CVE-2019-8451 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-8450

https://notcve.org/view.php?id=CVE-2019-8450

11 Sep 2019 — Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. Varias plantillas del plugin Optimization en Jira versiones anteriores a 7.13.6, y desde la versión 8.0.0 anteriores a 8.4.0, permiten a atacantes remotos, que tienen permiso para administrar campos personali... • https://jira.atlassian.com/browse/JRASERVER-69795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1

CVE-2019-14998

https://notcve.org/view.php?id=CVE-2019-14998

11 Sep 2019 — The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. La implementación de la protección de Cross-Site Request Forgery (CSRF) de una acción de Webwork en Jira versiones anteriores a 8.4.0, permite a atacantes remotos omitir su protección mediante el "cookie tossing" de una cookie CSRF desde un subdominio de una instancia de Jira. • https://jira.atlassian.com/browse/JRASERVER-69791 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-14997

https://notcve.org/view.php?id=CVE-2019-14997

11 Sep 2019 — The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN. La clase AccessLogFilter en Jira versiones anteriores a 8.4.0, permite a atacantes anónimos remotos saber detalles sobre otros usuarios, incluyendo su nombre de usuario, por medio de una exposición de información m... • https://jira.atlassian.com/browse/JRASERVER-69794 • CWE-524: Use of Cache Containing Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-14996

https://notcve.org/view.php?id=CVE-2019-14996

11 Sep 2019 — The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. El recurso FilterPickerPopup.jspa en Jira versiones anteriores a 7.13.7 y desde la versión 8.0.0 anteriores a 8.3.3, permite a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo cross-site-scripting (XSS) en ... • https://jira.atlassian.com/browse/JRASERVER-69790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 2

CVE-2019-14995

https://notcve.org/view.php?id=CVE-2019-14995

11 Sep 2019 — The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. El recurso /rest/api/1.0/render en Jira versiones anteriores a 8.4.0, permite a atacantes anónimos remotos determinar si existe un archivo adjunto con un nombre específico y si una clave de problema es válida mediante una falta de comprobación de permisos. • https://jira.atlassian.com/browse/JRASERVER-69792 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-8447

https://notcve.org/view.php?id=CVE-2019-8447

23 Aug 2019 — The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. El recurso ServiceExecutor en Jira antes de la versión 8.3.2 permite que los atacantes remotos activen la creación de archivos de exportación a través de una vulnerabilidad de falsificación de solicitudes entre sitios (CSRF). • https://jira.atlassian.com/browse/JRASERVER-69776 • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4 5