CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20414
https://notcve.org/view.php?id=CVE-2019-20414
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos inyectar HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo cross site scripting (XSS) en Issue Navigator Basic S... • https://jira.atlassian.com/browse/JRASERVER-70885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2019-20413
https://notcve.org/view.php?id=CVE-2019-20413
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos afectar la disponibilidad de la aplicación por medio de una vulnerabilidad de denegación de servicio (DoS) en la página UserPicker... • https://jira.atlassian.com/browse/JRASERVER-70883 •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2019-20412
https://notcve.org/view.php?id=CVE-2019-20412
29 Jun 2020 — The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. La página Convert Sub-Task to Issue en las versiones afectadas de Atlassian Jira Server y Data Center, permite a atac... • https://jira.atlassian.com/browse/JRASERVER-70882 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-20410
https://notcve.org/view.php?id=CVE-2019-20410
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos visualizar información confidencial por medio de una vulnerabilidad de divulgación de información en la fun... • https://jira.atlassian.com/browse/JRASERVER-70884 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4028
https://notcve.org/view.php?id=CVE-2020-4028
23 Jun 2020 — Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. En versiones anteriores a 8.9.1, varios recursos en Jira respondieron con un 404 en lugar de redireccionar a los usuarios no autenticados a la página de inicio de sesión, en algunas situaciones esto puede haber permiti... • https://jira.atlassian.com/browse/JRASERVER-71175 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2019-20409
https://notcve.org/view.php?id=CVE-2019-20409
23 Jun 2020 — The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. La manera en que las plantillas de velocidad se usaron en Atlassian Jira Server y Data Center anteriores a la versión 8.8.0, permitió a atacantes remotos obtener una ejecución de código remota, si eran capaces de explotar una vulnerabilidad de inyección de plantillas de... • https://jira.atlassian.com/browse/JRASERVER-70944 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4021
https://notcve.org/view.php?id=CVE-2020-4021
01 Jun 2020 — Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. Unas versiones afectadas son: versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.1 de Atlassian Jira Server y Data Center, permiten a atacantes remotos inyectar HTML o Javascript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (X... • https://jira.atlassian.com/browse/JRASERVER-70923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20402
https://notcve.org/view.php?id=CVE-2019-20402
06 Feb 2020 — Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. Los archivos zip de soporte en Atlassian Jira Server y Data Center antes de que la versión 8.6.0, pudieran ser descargados por un usuario del Administrador de Sistema sin requerir que el usuario reingrese su contraseña por medio de una vulnerabilidad de autorización inapropiada. • https://jira.atlassian.com/browse/JRASERVER-70564 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20106
https://notcve.org/view.php?id=CVE-2019-20106
06 Feb 2020 — Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. Las propiedades de comentarios en Atlassian Jira Server y Data Center antes de la versión 7.13.12, desde versión 8.0.0 antes de la versión 8.5.4 y versión 8.6.0 antes de la versión 8.6.1, permiten a atacantes remotos hacer coment... • https://jira.atlassian.com/browse/JRASERVER-70543 • CWE-276: Incorrect Default Permissions •