CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20106
https://notcve.org/view.php?id=CVE-2019-20106
06 Feb 2020 — Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. Las propiedades de comentarios en Atlassian Jira Server y Data Center antes de la versión 7.13.12, desde versión 8.0.0 antes de la versión 8.5.4 y versión 8.6.0 antes de la versión 8.6.1, permiten a atacantes remotos hacer coment... • https://jira.atlassian.com/browse/JRASERVER-70543 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 23%CPEs: 12EXPL: 0CVE-2019-15001 – Jira Server / Data Center Template Injection
https://notcve.org/view.php?id=CVE-2019-15001
19 Sep 2019 — The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. El plugin Jira Importers en Atlassian Jira Server y Data Cente desde la versión 7.0.10 anterior a 7.6.16, desde ... • http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •