Vulnerabilities > Atlassian > Jira

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-4022 Cross-site Scripting vulnerability in Atlassian products
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
network
low complexity
atlassian CWE-79
6.1
2020-07-01 CVE-2020-14169 Cross-site Scripting vulnerability in Atlassian Jira
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
network
low complexity
atlassian CWE-79
6.1
2020-07-01 CVE-2020-14168 Unspecified vulnerability in Atlassian products
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
network
high complexity
atlassian
5.9
2020-07-01 CVE-2020-14167 Unspecified vulnerability in Atlassian products
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.
network
low complexity
atlassian
7.5
2020-07-01 CVE-2020-14165 Unspecified vulnerability in Atlassian Jira
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
network
low complexity
atlassian
5.3
2020-07-01 CVE-2020-14164 Cross-site Scripting vulnerability in Atlassian Jira
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
network
low complexity
atlassian CWE-79
6.1
2020-07-01 CVE-2019-20408 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
network
low complexity
atlassian CWE-918
5.3
2020-06-30 CVE-2019-20416 Cross-site Scripting vulnerability in Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature.
network
low complexity
atlassian CWE-79
4.8
2020-06-30 CVE-2019-20415 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian products
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
4.3
2020-06-29 CVE-2019-20414 Cross-site Scripting vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search.
network
low complexity
atlassian CWE-79
5.4