Vulnerabilities > Atlassian > Jira > 8.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-23 | CVE-2019-20409 | Injection vulnerability in Atlassian Jira The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 7.5 |
| 2020-02-06 | CVE-2019-20402 | Unspecified vulnerability in Atlassian Jira and Jira Software Data Center Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability. | 4.0 |