Vulnerabilities > Atlassian > Jira > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-03 | CVE-2020-14172 | Deserialization of Untrusted Data vulnerability in Atlassian Jira and Jira Software Data Center This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. | 7.5 |
2020-06-23 | CVE-2019-20409 | Injection vulnerability in Atlassian Jira The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | 7.5 |
2017-04-10 | CVE-2017-5983 | Deserialization of Untrusted Data vulnerability in Atlassian Jira The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | 7.5 |
2008-01-03 | CVE-2007-6619 | Permissions, Privileges, and Access Controls vulnerability in Atlassian Jira The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. | 7.5 |