Filtered by vendor Atlassian
Subscribe
Total
433 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36235 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | |||||
CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
CVE-2020-14179 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | |||||
CVE-2020-29446 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | |||||
CVE-2020-36234 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
CVE-2020-29453 | 1 Atlassian | 3 Data Center, Jira Data Center, Jira Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
CVE-2020-14190 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | |||||
CVE-2020-14184 | 1 Atlassian | 2 Jira, Jira Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | |||||
CVE-2020-29450 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0. | |||||
CVE-2021-26068 | 1 Atlassian | 1 Jira Server For Slack | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | |||||
CVE-2019-20413 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | |||||
CVE-2020-4013 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | |||||
CVE-2020-4029 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | |||||
CVE-2020-4028 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | |||||
CVE-2020-4022 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. | |||||
CVE-2020-4026 | 1 Atlassian | 1 Navigator Links | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | |||||
CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | |||||
CVE-2019-20898 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. | |||||
CVE-2020-14173 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | |||||
CVE-2019-20410 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. |