Vulnerabilities > Atlassian > Jira > 8.12.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-39123 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. | 5.0 |
| 2021-09-14 | CVE-2021-39124 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. | 4.3 |
| 2021-09-01 | CVE-2021-39119 | Incorrect Authorization vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. | 5.0 |
| 2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 5.0 |
| 2021-08-30 | CVE-2021-39117 | Cross-site Scripting vulnerability in Atlassian Data Center and Jira The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field. | 3.5 |
| 2021-08-02 | CVE-2017-18113 | Code Injection vulnerability in Atlassian Data Center and Jira The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. | 6.8 |
| 2021-04-09 | CVE-2020-36287 | Missing Authorization vulnerability in Atlassian products The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 5.0 |
| 2021-03-22 | CVE-2021-26070 | Improper Authentication vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. | 6.4 |
| 2021-02-15 | CVE-2020-36237 | Information Exposure vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. | 5.0 |
| 2021-02-15 | CVE-2020-36235 | Unspecified vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. | 5.0 |