CVSS: 5.3EPSS: 2%CPEs: 2EXPL: 0CVE-2019-20403
https://notcve.org/view.php?id=CVE-2019-20403
06 Feb 2020 — The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. La API en Atlassian Jira Server y Data Center antes de la versión 8.6.0, permite a atacantes remotos determinar si una clave de proyecto Jira existe o no por medio de una vulnerabilidad de divulgación de información. • https://jira.atlassian.com/browse/JRASERVER-70565 •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2019-20106
https://notcve.org/view.php?id=CVE-2019-20106
06 Feb 2020 — Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. Las propiedades de comentarios en Atlassian Jira Server y Data Center antes de la versión 7.13.12, desde versión 8.0.0 antes de la versión 8.5.4 y versión 8.6.0 antes de la versión 8.6.1, permiten a atacantes remotos hacer coment... • https://jira.atlassian.com/browse/JRASERVER-70543 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 23%CPEs: 12EXPL: 0CVE-2019-15001 – Jira Server / Data Center Template Injection
https://notcve.org/view.php?id=CVE-2019-15001
19 Sep 2019 — The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. El plugin Jira Importers en Atlassian Jira Server y Data Cente desde la versión 7.0.10 anterior a 7.6.16, desde ... • http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2018-20239
https://notcve.org/view.php?id=CVE-2018-20239
30 Apr 2019 — Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3... • https://ecosystem.atlassian.net/browse/APL-1373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •