CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36238
https://notcve.org/view.php?id=CVE-2020-36238
01 Apr 2021 — The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. El recurso /rest/api/1.0/render en Jira Server y Data Center anterior a versión 8.5.13, desde versión 8.6.0 anterior a versión 8.13.5 y desde versión 8.14.0 anterior a versión 8.15.1, permite a atacantes anónimos remotos deter... • https://jira.atlassian.com/browse/JRASERVER-72249 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-26069
https://notcve.org/view.php?id=CVE-2021-26069
22 Mar 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. Versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos no autenticados descargar archivos t... • https://jira.atlassian.com/browse/JRASERVER-72010 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26070
https://notcve.org/view.php?id=CVE-2021-26070
22 Mar 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. Versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos evadir una protección detrás del firewall de los recursos app-linked por medio de una vulnerabilidad de Auten... • https://jira.atlassian.com/browse/JRASERVER-72029 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-36232
https://notcve.org/view.php?id=CVE-2020-36232
22 Feb 2021 — The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. La clase MessageBundleWhiteList de atlassian-gadgets versiones anteriores a 4.2.37, desde versiones ... • https://jira.atlassian.com/browse/JRASERVER-72025 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 2%CPEs: 6EXPL: 0CVE-2020-29453
https://notcve.org/view.php?id=CVE-2020-29453
18 Feb 2021 — The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. La clase CachingResourceDownloadRewriteRule en Jira Server y Jira Data Center versiones anteriores a 8.5.11, desde 8.6.0 anteriores a 8.13.3 y desde 8.14.0 anteriores a 8.15.0, permitía a atacantes remotos no au... • https://jira.atlassian.com/browse/JRASERVER-72014 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-29451
https://notcve.org/view.php?id=CVE-2020-29451
15 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos enumerar proyectos de Jira por medio de una vulnerabilidad de divulgación de información en la página de... • https://jira.atlassian.com/browse/JRASERVER-72000 •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36234
https://notcve.org/view.php?id=CVE-2020-36234
15 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS... • https://jira.atlassian.com/browse/JRASERVER-72059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36237
https://notcve.org/view.php?id=CVE-2020-36237
14 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados visualizar opciones de campo personalizadas por medio de una vulnerabilidad de divulgación de información en el endpoint /rest/api/2/cus... • https://jira.atlassian.com/browse/JRASERVER-72064 •
CVSS: 5.3EPSS: 96%CPEs: 6EXPL: 7CVE-2020-14181 – Atlassian JIRA 8.11.1 - User Enumeration
https://notcve.org/view.php?id=CVE-2020-14181
17 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario no autenticado enumere usuarios por medio de una vulnerabilidad de divulgación de información en el endpoint /ViewUs... • https://packetstorm.news/files/id/181035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •