Vulnerabilities > Atlassian > Jira Data Center > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-36799 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-07-20 | CVE-2022-26137 | Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. | 8.8 |
| 2022-03-08 | CVE-2021-43944 | Code Injection vulnerability in Atlassian Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-01-06 | CVE-2021-43947 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. | 7.2 |
| 2021-09-16 | CVE-2021-39128 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 7.2 |
| 2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 7.5 |
| 2020-09-01 | CVE-2020-14178 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. | 7.5 |
| 2020-07-03 | CVE-2019-20419 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. | 7.8 |
| 2020-07-01 | CVE-2020-14167 | Unspecified vulnerability in Atlassian products The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. | 7.5 |
| 2020-06-29 | CVE-2019-20413 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. | 7.5 |