Vulnerabilities > Atlassian > Jira Server > 8.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-18 | CVE-2019-15013 | Missing Authorization vulnerability in Atlassian Jira The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check. | 4.0 |
2019-09-19 | CVE-2019-15001 | Code Injection vulnerability in Atlassian Jira Server The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 9.0 |
2019-09-11 | CVE-2019-8451 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Server The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 6.4 |
2019-09-11 | CVE-2019-8450 | Cross-site Scripting vulnerability in Atlassian Jira Server Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | 3.5 |
2019-09-11 | CVE-2019-14998 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | 4.3 |
2019-09-11 | CVE-2019-14997 | Unspecified vulnerability in Atlassian Jira Server The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN. network atlassian | 4.3 |
2019-09-11 | CVE-2019-14996 | Cross-site Scripting vulnerability in Atlassian Jira Server The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 4.3 |
2019-09-11 | CVE-2019-14995 | Missing Authorization vulnerability in Atlassian Jira Server The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | 5.0 |