Vulnerabilities > Atlassian > Jira > 7.1.12

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-8442 Unspecified vulnerability in Atlassian Jira
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
network
low complexity
atlassian
5.0
5.0
2019-05-22 CVE-2019-3403 Incorrect Authorization vulnerability in Atlassian Jira
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.0
5.0
2019-05-22 CVE-2019-3402 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
network
atlassian CWE-79
4.3
4.3
2019-05-22 CVE-2019-3401 Incorrect Authorization vulnerability in Atlassian Jira and Jira Server
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.0
5.0
2019-04-30 CVE-2019-3399 Missing Authorization vulnerability in Atlassian Jira
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.
network
low complexity
atlassian CWE-862
5.0
5.0
2019-02-13 CVE-2018-20232 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
network
atlassian CWE-79
3.5
3.5
2019-02-13 CVE-2018-13404 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira and Jira Server
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.0
4.0
2019-02-13 CVE-2018-13403 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
network
atlassian CWE-79
3.5
3.5
2018-10-23 CVE-2018-13402 Open Redirect vulnerability in Atlassian Jira and Jira Server
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
network
atlassian CWE-601
5.8
5.8
2018-10-23 CVE-2018-13401 Open Redirect vulnerability in Atlassian Jira and Jira Server
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
network
atlassian CWE-601
5.8
5.8