Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-21 | CVE-2021-39127 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. | 5.3 |
| 2021-09-30 | CVE-2020-18683 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | 9.8 |
| 2021-09-30 | CVE-2020-18684 | Integer Overflow or Wraparound vulnerability in Atlassian Floodlight Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | 9.8 |
| 2021-09-30 | CVE-2020-18685 | Improper Input Validation vulnerability in Atlassian Floodlight Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | 9.8 |
| 2021-09-16 | CVE-2021-39128 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 7.2 |
| 2021-09-14 | CVE-2021-39125 | Unspecified vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. | 5.3 |
| 2021-09-14 | CVE-2019-20101 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. | 5.3 |
| 2021-09-14 | CVE-2021-39118 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. | 5.3 |
| 2021-09-14 | CVE-2021-39123 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. | 7.5 |
| 2021-09-14 | CVE-2021-39124 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. | 4.3 |