CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41311
https://notcve.org/view.php?id=CVE-2021-41311
08 Dec 2021 — Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes con acceso a una cuenta de administrador a la que le es revocado el acceso, modific... • https://jira.atlassian.com/browse/JRASERVER-72802 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41309
https://notcve.org/view.php?id=CVE-2021-41309
08 Dec 2021 — Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten que un usuario al que le es revocado el acceso a Jira Service Managem... • https://jira.atlassian.com/browse/JRASERVER-72803 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41310
https://notcve.org/view.php?id=CVE-2021-41310
01 Nov 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos inyectar HTML o Java... • https://jira.atlassian.com/browse/JRASERVER-72800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41308
https://notcve.org/view.php?id=CVE-2021-41308
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos autenticados pero no administradores editar la c... • https://jira.atlassian.com/browse/JRASERVER-72940 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-41307
https://notcve.org/view.php?id=CVE-2021-41307
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados visualizar los nombres de los proyectos privados y los filtros ... • https://jira.atlassian.com/browse/JRASERVER-72916 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-41306
https://notcve.org/view.php?id=CVE-2021-41306
26 Oct 2021 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos anónimos visualizar nombres privados de proyectos y filtros por medio de una vulnerabilidad Insecu... • https://jira.atlassian.com/browse/JRASERVER-72915 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36236
https://notcve.org/view.php?id=CVE-2020-36236
14 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos inyectar HTML o JavaScript arbitrario por medio de una vulnerabi... • https://jira.atlassian.com/browse/JRASERVER-72015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36235
https://notcve.org/view.php?id=CVE-2020-36235
14 Feb 2021 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos no autenticados visualizar campos personalizados y nombres de SLA personalizados por medio de una vulnerabilidad de divulga... • https://jira.atlassian.com/browse/JRASERVER-71950 •