Vulnerabilities > Atlassian > Jira Data Center > 8.6.0

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2019-20100 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF).
network
atlassian CWE-352
4.3
4.3
2020-02-12 CVE-2019-20099 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF).
network
atlassian CWE-352
4.3
4.3
2020-02-12 CVE-2019-20098 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF).
network
atlassian CWE-352
4.3
4.3
2020-02-06 CVE-2019-20106 Incorrect Default Permissions vulnerability in Atlassian products
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.
network
low complexity
atlassian CWE-276
4.0
4.0