Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-41308 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. | 4.0 |
| 2021-10-21 | CVE-2021-39126 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. | 4.3 |
| 2021-10-21 | CVE-2021-39127 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. | 5.0 |
| 2021-09-30 | CVE-2020-18683 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | 7.5 |
| 2021-09-30 | CVE-2020-18684 | Integer Overflow or Wraparound vulnerability in Atlassian Floodlight Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | 7.5 |
| 2021-09-30 | CVE-2020-18685 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | 7.5 |
| 2021-09-16 | CVE-2021-39128 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 6.5 |
| 2021-09-14 | CVE-2021-39125 | Information Exposure vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. | 5.0 |
| 2021-09-14 | CVE-2019-20101 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. | 5.0 |
| 2021-09-14 | CVE-2021-39118 | Information Exposure vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. | 5.0 |