CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20414
https://notcve.org/view.php?id=CVE-2019-20414
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos inyectar HTML o JavaScript arbitrarios por medio de una vulnerabilidad de tipo cross site scripting (XSS) en Issue Navigator Basic S... • https://jira.atlassian.com/browse/JRASERVER-70885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20413
https://notcve.org/view.php?id=CVE-2019-20413
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos afectar la disponibilidad de la aplicación por medio de una vulnerabilidad de denegación de servicio (DoS) en la página UserPicker... • https://jira.atlassian.com/browse/JRASERVER-70883 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20412
https://notcve.org/view.php?id=CVE-2019-20412
29 Jun 2020 — The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. La página Convert Sub-Task to Issue en las versiones afectadas de Atlassian Jira Server y Data Center, permite a atac... • https://jira.atlassian.com/browse/JRASERVER-70882 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20411
https://notcve.org/view.php?id=CVE-2019-20411
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos modificar la configuración de Wallboard por medio de una vulnerabilidad de tipo Cross-site request forgery (CSRF). Las versiones afectadas son anteriores a la versión ... • https://jira.atlassian.com/browse/JRASERVER-70881 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20410
https://notcve.org/view.php?id=CVE-2019-20410
29 Jun 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos visualizar información confidencial por medio de una vulnerabilidad de divulgación de información en la fun... • https://jira.atlassian.com/browse/JRASERVER-70884 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4028
https://notcve.org/view.php?id=CVE-2020-4028
23 Jun 2020 — Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. En versiones anteriores a 8.9.1, varios recursos en Jira respondieron con un 404 en lugar de redireccionar a los usuarios no autenticados a la página de inicio de sesión, en algunas situaciones esto puede haber permiti... • https://jira.atlassian.com/browse/JRASERVER-71175 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2019-20409
https://notcve.org/view.php?id=CVE-2019-20409
23 Jun 2020 — The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. La manera en que las plantillas de velocidad se usaron en Atlassian Jira Server y Data Center anteriores a la versión 8.8.0, permitió a atacantes remotos obtener una ejecución de código remota, si eran capaces de explotar una vulnerabilidad de inyección de plantillas de... • https://jira.atlassian.com/browse/JRASERVER-70944 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4021
https://notcve.org/view.php?id=CVE-2020-4021
01 Jun 2020 — Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. Unas versiones afectadas son: versiones anteriores a 8.5.5, y desde versiones 8.6.0 anteriores a 8.8.1 de Atlassian Jira Server y Data Center, permiten a atacantes remotos inyectar HTML o Javascript arbitrario por medio de una vulnerabilidad de tipo cross site scripting (X... • https://jira.atlassian.com/browse/JRASERVER-70923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2012-1500 – jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1500
13 Feb 2020 — Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. Una vulnerabilidad de tipo XSS almacenado del archivo UpdateFieldJson.jspa en JIRA versión 4.4.3 y GreenHopper versiones anteriores a 5.9.8, permite a un atacante inyectar código de script arbitrario. • https://www.exploit-db.com/exploits/21052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2019-20100
https://notcve.org/view.php?id=CVE-2019-20100
12 Feb 2020 — The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP... • https://ecosystem.atlassian.net/browse/APL-1390 • CWE-352: Cross-Site Request Forgery (CSRF) •