Vulnerabilities > Atlassian > Jira > 7.13.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2019-11588 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
| 2019-08-23 | CVE-2019-11587 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | 4.3 |
| 2019-08-23 | CVE-2019-11586 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
| 2019-08-23 | CVE-2019-11585 | Open Redirect vulnerability in Atlassian Jira The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 5.8 |
| 2019-08-23 | CVE-2019-11584 | Cross-site Scripting vulnerability in Atlassian Jira The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | 4.3 |
| 2019-08-09 | CVE-2018-20827 | Cross-site Scripting vulnerability in Atlassian Jira The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 3.5 |
| 2019-06-26 | CVE-2019-11583 | Unspecified vulnerability in Atlassian Jira The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 4.0 |
| 2019-05-22 | CVE-2019-8443 | Improper Authentication vulnerability in Atlassian Jira and Jira Server The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 6.8 |
| 2019-05-22 | CVE-2019-8442 | Unspecified vulnerability in Atlassian Jira The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. | 5.0 |
| 2019-05-22 | CVE-2019-3403 | Incorrect Authorization vulnerability in Atlassian Jira The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.0 |