Vulnerabilities > Atlassian > Jira Software Data Center > 7.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-02 | CVE-2020-36231 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. | 4.0 |
| 2020-09-01 | CVE-2020-14178 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. | 5.0 |
| 2020-07-13 | CVE-2020-14174 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. | 4.0 |
| 2020-07-13 | CVE-2019-20899 | Unspecified vulnerability in Atlassian products The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. | 5.0 |
| 2020-07-13 | CVE-2019-20898 | Information Exposure vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. | 5.0 |
| 2020-07-13 | CVE-2019-20897 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian products The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. | 4.0 |
| 2020-07-03 | CVE-2020-14173 | Cross-site Scripting vulnerability in Atlassian products The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 3.5 |
| 2020-07-03 | CVE-2020-14172 | Deserialization of Untrusted Data vulnerability in Atlassian Jira and Jira Software Data Center This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. | 7.5 |
| 2020-07-03 | CVE-2019-20418 | Unspecified vulnerability in Atlassian Jira and Jira Software Data Center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. | 4.0 |
| 2020-07-01 | CVE-2020-4029 | Unspecified vulnerability in Atlassian products The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | 4.0 |