Vulnerabilities > Atlassian > Jira > 8.16.0

DATE CVE VULNERABILITY TITLE RISK
2022-02-28 CVE-2021-43945 Cross-site Scripting vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint.
network
atlassian CWE-79
3.5
2022-02-15 CVE-2021-43953 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint.
network
atlassian CWE-352
4.3
2021-09-14 CVE-2021-39118 Information Exposure vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint.
network
low complexity
atlassian CWE-200
5.0
2021-09-01 CVE-2021-39119 Incorrect Authorization vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature.
network
low complexity
atlassian CWE-863
5.0