Vulnerabilities > Atlassian > Jira Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2019-11587 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | 6.5 |
| 2019-08-23 | CVE-2019-11586 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
| 2019-08-23 | CVE-2019-11585 | Open Redirect vulnerability in Atlassian Jira The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 6.1 |
| 2019-08-13 | CVE-2019-8448 | Unspecified vulnerability in Atlassian Jira Server The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.3 |
| 2019-08-09 | CVE-2019-11581 | Injection vulnerability in Atlassian Jira There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. | 9.8 |
| 2019-05-22 | CVE-2019-8443 | Improper Authentication vulnerability in Atlassian Jira The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 8.1 |
| 2019-05-22 | CVE-2019-8442 | Unspecified vulnerability in Atlassian Jira The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. | 7.5 |
| 2019-05-22 | CVE-2019-3403 | Incorrect Authorization vulnerability in Atlassian Jira The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
| 2019-05-22 | CVE-2019-3402 | Cross-site Scripting vulnerability in Atlassian Jira The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 6.1 |
| 2019-05-22 | CVE-2019-3401 | Incorrect Authorization vulnerability in Atlassian Jira The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |