Vulnerabilities > Atlassian > Jira Service Desk > 4.5.19

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2021-43959 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Service Desk and Jira Service Management
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight.
network
low complexity
atlassian CWE-918
5.7
2022-07-20 CVE-2022-26136 Improper Authentication vulnerability in Atlassian products
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps.
network
low complexity
atlassian CWE-287
critical
9.8
2022-07-20 CVE-2022-26137 Origin Validation Error vulnerability in Atlassian products
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses.
network
low complexity
atlassian CWE-346
8.8
2022-06-30 CVE-2022-26135 Server-Side Request Forgery (SSRF) vulnerability in Atlassian products
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint.
network
low complexity
atlassian CWE-918
6.5
2021-09-01 CVE-2021-39115 Code Injection vulnerability in Atlassian Jira Service Desk
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature.
network
low complexity
atlassian CWE-94
7.2
2020-09-21 CVE-2020-14180 Unspecified vulnerability in Atlassian Jira Service Desk
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource.
network
low complexity
atlassian
4.3
2020-07-01 CVE-2020-14166 Cross-site Scripting vulnerability in Atlassian Jira Service Desk
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
network
low complexity
atlassian CWE-79
4.8