
CVSS: 10.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

29 Nov 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. • http://www.openwall.com/lists/oss-security/2023/11/29/1 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Nov 2023 — Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/11/29/1 • CWE-522: Insufficiently Protected Credentials

CVSS: 6.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

12 Apr 2022 — Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

28 Feb 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. • https://jira.atlassian.com/browse/JRASERVER-73069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

15 Feb 2022 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. • https://jira.atlassian.com/browse/JRASERVER-73170 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

06 Jan 2022 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. • https://jira.atlassian.com/browse/JRASERVER-73067

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

03 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. • https://jira.atlassian.com/browse/JRASERVER-72801 • CWE-287: Improper Authentication

CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. • https://jira.atlassian.com/browse/JRASERVER-72940 • CWE-285: Improper Authorization

CVSS: 7.5 | EPSS: 1% | CPEs: 4 | EXPL: 0

26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. • https://jira.atlassian.com/browse/JRASERVER-72916 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 7.5 | EPSS: 1% | CPEs: 4 | EXPL: 0

26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. • https://jira.atlassian.com/browse/JRASERVER-72915 • CWE-639: Authorization Bypass Through User-Controlled Key
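The entries above all state their affected versions in the same few phrasings ("before version X", "from version A before B", "X and earlier", "except X"), and the multi-range Atlassian ones are easy to misread: 8.13.20, for example, is a patched LTS build that sits between two affected ranges. The helper below is an added example, not code from the listing, Atlassian or Jenkins; it turns those sentences into a version check. It assumes the range semantics written in its header comment (lower bound inclusive, "before X" exclusive, "X and earlier" inclusive, missing version components padded with zeros), and the names `parse_affected`, `is_affected` and `triage` are its own.

```python
# Added triage helper (not from the advisory listing, Atlassian or Jenkins).
# Assumed semantics for the wording used in the entries above:
#   "before X"                -> version <  X   (X is the fixed build)
#   "from version A before B" -> A <= version < B
#   "X and earlier"           -> version <= X
#   "except X"                -> X is excluded (already fixed)
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Version = Tuple[int, ...]

_RANGE_RE = re.compile(r"(?:from version (\d+(?:\.\d+)*)\s+)?before (?:version )?(\d+(?:\.\d+)*)")
_EARLIER_RE = re.compile(r"(\d+(?:\.\d+)*) and earlier")
_EXCEPT_RE = re.compile(r"except (\d+(?:\.\d+)*)")


def parse_version(s: str) -> Version:
    """'8.20.3' -> (8, 20, 3); '8.20' -> (8, 20, 0). A trailing non-numeric
    part such as '-rc1' is dropped, so a pre-release compares like its release."""
    parts: List[int] = []
    for piece in s.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {s!r}")
    while len(parts) < 3:          # zero-pad so that 8.20 == 8.20.0
        parts.append(0)
    return tuple(parts)


@dataclass(frozen=True)
class AffectedRange:
    lower: Optional[Version]       # inclusive; None means "from the first release"
    upper: Version                 # exclusive unless upper_inclusive
    upper_inclusive: bool = False

    def contains(self, v: Version) -> bool:
        if self.lower is not None and v < self.lower:
            return False
        return v <= self.upper if self.upper_inclusive else v < self.upper


@dataclass(frozen=True)
class AffectedSpec:
    ranges: Tuple[AffectedRange, ...]
    exceptions: FrozenSet[Version]

    def contains(self, v: Version) -> bool:
        if v in self.exceptions:
            return False
        return any(r.contains(v) for r in self.ranges)


def parse_affected(text: str) -> AffectedSpec:
    """Extract every range clause and every 'except' clause from an advisory sentence."""
    ranges = [AffectedRange(parse_version(lo) if lo else None, parse_version(hi))
              for lo, hi in _RANGE_RE.findall(text)]
    ranges += [AffectedRange(None, parse_version(hi), upper_inclusive=True)
               for hi in _EARLIER_RE.findall(text)]
    if not ranges:
        raise ValueError("no affected-version clause found")
    exceptions = frozenset(parse_version(x) for x in _EXCEPT_RE.findall(text))
    return AffectedSpec(tuple(ranges), exceptions)


def is_affected(installed: str, advisory_text: str) -> bool:
    return parse_affected(advisory_text).contains(parse_version(installed))


# Affected-version sentences copied from the entries above, keyed by tracker id.
JIRA_SERVER_ADVISORIES: Dict[str, str] = {
    "JRASERVER-73170": "The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.",
    "JRASERVER-72940": "The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.",
    "JRASERVER-73069": "The affected versions are before version 8.20.3.",
}
JENKINS_JIRA_PLUGIN_ADVISORIES: Dict[str, str] = {
    "SECURITY-2617": "Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters.",
}


def triage(installed: str, advisories: Dict[str, str]) -> Dict[str, bool]:
    """Map each tracker id to whether `installed` is inside its affected ranges."""
    return {ref: is_affected(installed, text) for ref, text in advisories.items()}


if __name__ == "__main__":
    # Constructed sample versions: one per side of each boundary in JRASERVER-73170.
    for v in ("8.13.15", "8.13.16", "8.13.20", "8.14.0", "8.20.4", "8.20.5"):
        print(v, triage(v, JIRA_SERVER_ADVISORIES))
```

The boundaries are the part worth checking by hand: "before 8.13.16, and from 8.14.0 before 8.20.5" leaves 8.13.16 through 8.13.x unaffected even though they are numerically lower than 8.14.0, and "3.7 and earlier, except 3.6.1" carves a single fixed build out of an otherwise open-ended range. When an advisory sentence uses a phrasing the regexes do not recognise, `parse_affected` raises rather than silently reporting "not affected".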