Vulnerabilities > Atlassian > Jira Data Center > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-21 | CVE-2024-21683 | Unspecified vulnerability in Atlassian products This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. | 8.8 |
| 2022-08-01 | CVE-2022-36799 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-07-20 | CVE-2022-26137 | Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. | 8.8 |
| 2022-03-08 | CVE-2021-43944 | Code Injection vulnerability in Atlassian Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |
| 2022-01-06 | CVE-2021-43947 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. | 7.2 |
| 2021-09-16 | CVE-2021-39128 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 7.2 |
| 2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 7.5 |
| 2020-09-01 | CVE-2020-14178 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. | 7.5 |
| 2020-07-03 | CVE-2019-20419 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. | 7.8 |
| 2020-07-01 | CVE-2020-14167 | Unspecified vulnerability in Atlassian products The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. | 7.5 |