Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-30 | CVE-2020-18683 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | 7.5 |
| 2021-09-30 | CVE-2020-18684 | Integer Overflow or Wraparound vulnerability in Atlassian Floodlight Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | 7.5 |
| 2021-09-30 | CVE-2020-18685 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | 7.5 |
| 2021-09-16 | CVE-2021-39128 | Injection vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 6.5 |
| 2021-09-14 | CVE-2021-39125 | Information Exposure vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. | 5.0 |
| 2021-09-14 | CVE-2019-20101 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. | 5.0 |
| 2021-09-14 | CVE-2021-39118 | Information Exposure vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. | 5.0 |
| 2021-09-14 | CVE-2021-39123 | Resource Exhaustion vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. | 5.0 |
| 2021-09-14 | CVE-2021-39124 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. | 6.8 |
| 2021-09-08 | CVE-2021-39121 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. | 4.0 |