Vulnerabilities > Atlassian > Jira > 7.13.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-8449 | Missing Authentication for Critical Function vulnerability in Atlassian Jira The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.0 |
| 2019-08-23 | CVE-2019-11584 | Cross-site Scripting vulnerability in Atlassian Jira The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | 4.3 |
| 2019-06-26 | CVE-2019-11583 | Unspecified vulnerability in Atlassian Jira The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 4.0 |