Vulnerabilities > Atlassian > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-15 CVE-2021-26076 Unspecified vulnerability in Atlassian products
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https.
network
high complexity
atlassian
3.7
2021-04-01 CVE-2021-26071 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian products
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
3.5
2016-01-08 CVE-2015-8481 Information Exposure vulnerability in Atlassian Jira Core, Jira Server and Jira Service Desk
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
network
high complexity
atlassian CWE-200
3.1