Vulnerabilities > Atlassian > Jira
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-09 | CVE-2018-20827 | Cross-site Scripting vulnerability in Atlassian Jira The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 5.4 |
| 2019-08-09 | CVE-2018-20826 | Incorrect Authorization vulnerability in Atlassian Jira The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | 4.3 |
| 2019-06-26 | CVE-2019-11583 | Unspecified vulnerability in Atlassian Jira The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 6.5 |
| 2019-05-22 | CVE-2019-8443 | Improper Authentication vulnerability in Atlassian Jira The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 8.1 |
| 2019-05-22 | CVE-2019-8442 | Unspecified vulnerability in Atlassian Jira The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. | 7.5 |
| 2019-05-22 | CVE-2019-3403 | Incorrect Authorization vulnerability in Atlassian Jira The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
| 2019-05-22 | CVE-2019-3402 | Cross-site Scripting vulnerability in Atlassian Jira The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 6.1 |
| 2019-05-22 | CVE-2019-3401 | Incorrect Authorization vulnerability in Atlassian Jira The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
| 2019-05-03 | CVE-2018-20824 | Cross-site Scripting vulnerability in Atlassian Jira The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | 6.1 |
| 2019-04-30 | CVE-2019-3399 | Missing Authorization vulnerability in Atlassian Jira The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | 7.5 |