CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4021
https://notcve.org/view.php?id=CVE-2020-4021
01 Jun 2020 — Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. Unas versiones afectadas son: versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.1 de Atlassian Jira Server y Data Center, permiten a atacantes remotos inyectar HTML o Javascript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (X... • https://jira.atlassian.com/browse/JRASERVER-70923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20407
https://notcve.org/view.php?id=CVE-2019-20407
17 Mar 2020 — The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check. Se ha identificado una vulnerabilidad en el servidor de aplicaciones SPPA-T3000 (todas las versiones anteriores a la versión Service Pack R8.2 SP2). Un atacante con acceso de red al servidor de aplicaciones podría obtener acceso a registros y archivo... • https://jira.atlassian.com/browse/JRASERVER-70599 • CWE-862: Missing Authorization •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20100
https://notcve.org/view.php?id=CVE-2019-20100
12 Feb 2020 — The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP... • https://ecosystem.atlassian.net/browse/APL-1390 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20099
https://notcve.org/view.php?id=CVE-2019-20099
12 Feb 2020 — The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componte VerifyPopServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un ata... • https://jira.atlassian.com/browse/JRASERVER-70606 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20098
https://notcve.org/view.php?id=CVE-2019-20098
12 Feb 2020 — The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componente VerifySmtpServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un... • https://jira.atlassian.com/browse/JRASERVER-70605 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20405
https://notcve.org/view.php?id=CVE-2019-20405
06 Feb 2020 — The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. El flag de monitoreo JMX en Atlassian Jira Server and Data Center antes de la versión 8.6.0, permite a atacantes remotos activar o desactivar el flag de monitoreo JMX por medio de una vulnerabilidad de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70570 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20404
https://notcve.org/view.php?id=CVE-2019-20404
06 Feb 2020 — The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. La API en Atlassian Jira Server y Data Center antes de la versión 8.6.0, permite a atacantes remotos autenticados determinar los títulos de proyectos a los que no tienen acceso por medio de una vulnerabilidad de autorización inapropiada. • https://jira.atlassian.com/browse/JRASERVER-70569 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20106
https://notcve.org/view.php?id=CVE-2019-20106
06 Feb 2020 — Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. Las propiedades de comentarios en Atlassian Jira Server y Data Center antes de la versión 7.13.12, desde versión 8.0.0 antes de la versión 8.5.4 y versión 8.6.0 antes de la versión 8.6.1, permiten a atacantes remotos hacer coment... • https://jira.atlassian.com/browse/JRASERVER-70543 • CWE-276: Incorrect Default Permissions •