Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-22 | CVE-2019-8443 | Improper Authentication vulnerability in Atlassian Jira The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 8.1 |
| 2019-05-22 | CVE-2019-8442 | Unspecified vulnerability in Atlassian Jira The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. | 7.5 |
| 2019-05-22 | CVE-2019-3403 | Incorrect Authorization vulnerability in Atlassian Jira The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
| 2019-05-22 | CVE-2019-3402 | Cross-site Scripting vulnerability in Atlassian Jira The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 6.1 |
| 2019-05-22 | CVE-2019-3401 | Incorrect Authorization vulnerability in Atlassian Jira The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 |
| 2019-05-03 | CVE-2019-3400 | Cross-site Scripting vulnerability in Atlassian Jira Server The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter. | 6.1 |
| 2019-05-03 | CVE-2018-20824 | Cross-site Scripting vulnerability in Atlassian Jira The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | 6.1 |
| 2019-04-30 | CVE-2019-3399 | Missing Authorization vulnerability in Atlassian Jira The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | 7.5 |
| 2019-04-30 | CVE-2018-20239 | Cross-site Scripting vulnerability in Atlassian products Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. | 5.4 |
| 2019-04-18 | CVE-2019-3398 | Path Traversal vulnerability in Atlassian Confluence Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. | 8.8 |