CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14193
https://notcve.org/view.php?id=CVE-2020-14193
30 Nov 2020 — Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes &
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14189
https://notcve.org/view.php?id=CVE-2020-14189
09 Nov 2020 — The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. La función execute en el Atlassian gajira-comment GitHub Action anterior a versión 2.0.2, permite a atacantes remotos ejecutar código arbitrario en el contexto de un ejecutor de GitHub mediante la creación de un comentario de un problema de GitHub especialmente diseñado • https://github.com/atlassian/gajira-comment/security/advisories/GHSA-hj6w-pm28-h8hf •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14188
https://notcve.org/view.php?id=CVE-2020-14188
09 Nov 2020 — The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. La función preprocessArgs en el Atlassian gajira-create GitHub Action antes de la versión 2.0.1, permite a atacantes remotos ejecutar código arbitrario en el contexto de un ejecutor de GitHub mediante la creación de un problema de GitHub especialmente diseñado • https://github.com/atlassian/gajira-create/security/advisories/GHSA-4xqx-pqpj-9fqw •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14185
https://notcve.org/view.php?id=CVE-2020-14185
15 Oct 2020 — Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. Las versiones afectadas de Jira Server permiten a atacantes remotos no autenticados enumerar las claves de emisión por medio de una falta de comprobación de permisos en el recurso ActionsAndOperations. Las versiones afectadas... • https://jira.atlassian.com/browse/JRASERVER-71696 • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14184
https://notcve.org/view.php?id=CVE-2020-14184
12 Oct 2020 — Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. Las versiones afectadas de Atlassian Jira Server, permiten a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabilidad de tipo Cross-Site Scripting (XSS) en los archivos de exportaci... • https://jira.atlassian.com/browse/JRASERVER-71652 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14183
https://notcve.org/view.php?id=CVE-2020-14183
06 Oct 2020 — Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1. Las versiones afectadas de Jira Server & Data Center, permiten a un atacante remoto con privilegios limitados (no de administrador) visualizar el S... • https://jira.atlassian.com/browse/JRASERVER-71646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14177
https://notcve.org/view.php?id=CVE-2020-14177
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos afectar la disponibilidad de la aplicación por medio de u... • https://jira.atlassian.com/browse/JRASERVER-71388 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14180
https://notcve.org/view.php?id=CVE-2020-14180
21 Sep 2020 — Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. Las versiones afectadas de Atlassian Jira Service Desk Server y Data Center permiten a atacantes remotos autenticados como usuarios no administradores visualizar Tipos de Peticiones y Desc... • https://jira.atlassian.com/browse/JSDSERVER-6917 •
CVSS: 5.3EPSS: 3%CPEs: 4EXPL: 4CVE-2020-14179
https://notcve.org/view.php?id=CVE-2020-14179
21 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. Las versiones afectadas de Atlassian Jira Server y Data Center, permiten a atacantes remotos no autenticados visualizar nombres de campos personalizados y nombres de SLA personalizad... • https://github.com/c0brabaghdad1/CVE-2020-14179 •
CVSS: 5.3EPSS: 96%CPEs: 6EXPL: 7CVE-2020-14181 – Atlassian JIRA 8.11.1 - User Enumeration
https://notcve.org/view.php?id=CVE-2020-14181
17 Sep 2020 — Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario no autenticado enumere usuarios por medio de una vulnerabilidad de divulgación de información en el endpoint /ViewUs... • https://packetstorm.news/files/id/181035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •