Filtered by vendor Atlassian
Subscriptions
Total
444 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20419 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 7.8 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | ||||
| CVE-2019-20418 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | ||||
| CVE-2019-20416 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.8 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | ||||
| CVE-2019-20415 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.3 Medium |
| Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | ||||
| CVE-2019-20414 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.4 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20413 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20412 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.3 Medium |
| The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20411 | 1 Atlassian | 3 Jira, Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20410 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 9.8 Critical |
| The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | ||||
| CVE-2019-20408 | 1 Atlassian | 1 Jira | 2024-11-21 | 5.3 Medium |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | ||||
| CVE-2019-20407 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check. | ||||
| CVE-2019-20406 | 2 Atlassian, Microsoft | 3 Confluence, Confluence Server, Windows | 2024-11-21 | 7.8 High |
| The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | ||||
| CVE-2019-20405 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2019-20404 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | ||||
| CVE-2019-20403 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 5.3 Medium |
| The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | ||||
| CVE-2019-20402 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.9 Medium |
| Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | ||||
| CVE-2019-20401 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.5 Medium |
| Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. | ||||
| CVE-2019-20400 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 7.8 High |
| The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability. | ||||
| CVE-2019-20106 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.3 Medium |
| Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | ||||