8.5.9

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-15	CVE-2020-36236	Cross-site Scripting vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. network atlassian CWE-79	4.3
2021-02-15	CVE-2020-36235	Unspecified vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. network low complexity atlassian	5.0
2021-02-15	CVE-2020-36234	Cross-site Scripting vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. network atlassian CWE-79	3.5
2021-02-02	CVE-2020-36231	Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. network low complexity atlassian CWE-639	4.0
2020-07-13	CVE-2019-20898	Information Exposure vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. network low complexity atlassian CWE-200	5.0
2020-07-01	CVE-2020-14165	Incorrect Authorization vulnerability in Atlassian Jira The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. network low complexity atlassian CWE-863	5.0