CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36800
https://notcve.org/view.php?id=CVE-2022-36800
03 Aug 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos sin el permiso "Browse Users" visualizar los grupos por medio de una vulnerabilidad de divulgación de información en ... • https://jira.atlassian.com/browse/JSDSERVER-11900 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 93%CPEs: 12EXPL: 1CVE-2022-0540
https://notcve.org/view.php?id=CVE-2022-0540
20 Apr 2022 — A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. Una vulnerabilidad en... • https://github.com/Pear1y/CVE-2022-0540-RCE • CWE-287: Improper Authentication •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43943
https://notcve.org/view.php?id=CVE-2021-43943
24 Feb 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes con privilegios de administrador inyectar HTML o JavaScript arbitr... • https://jira.atlassian.com/browse/JSDSERVER-10980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43948
https://notcve.org/view.php?id=CVE-2021-43948
15 Feb 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar los nombres de los objetos privados por medio de una vulnerabilidad de Autorización Impropia en la fu... • https://jira.atlassian.com/browse/JSDSERVER-10981 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43950
https://notcve.org/view.php?id=CVE-2021-43950
15 Feb 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar la información de configuración de la fuente de importación por medio de una vulnerab... • https://jira.atlassian.com/browse/JSDSERVER-10983 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43949
https://notcve.org/view.php?id=CVE-2021-43949
10 Jan 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar objetos privados por medio de una vulnerabilidad de Control de Acceso Rotativo en la funcionalidad Custom Fields. Las... • https://jira.atlassian.com/browse/JSDSERVER-10982 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43951
https://notcve.org/view.php?id=CVE-2021-43951
10 Jan 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar los detalles de la configuración de importación de objetos por medio de una vulner... • https://jira.atlassian.com/browse/JSDSERVER-10984 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •