Vulnerabilities > Atlassian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-8447 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
4.3
2019-08-23 CVE-2019-8446 Incorrect Authorization vulnerability in Atlassian Jira Server
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
network
low complexity
atlassian CWE-863
5.3
2019-08-23 CVE-2019-8445 Missing Authorization vulnerability in Atlassian Jira Server
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.
network
low complexity
atlassian CWE-862
5.3
2019-08-23 CVE-2019-8444 Cross-site Scripting vulnerability in Atlassian Jira Server
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
network
low complexity
atlassian CWE-79
5.4
2019-08-23 CVE-2019-14999 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Universal Plugin Manager
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
network
low complexity
atlassian CWE-352
4.3
2019-08-23 CVE-2019-11589 Open Redirect vulnerability in Atlassian Jira Server
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
network
low complexity
atlassian CWE-601
6.1
2019-08-23 CVE-2019-11588 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
4.3
2019-08-23 CVE-2019-11587 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).
network
low complexity
atlassian CWE-352
6.5
2019-08-23 CVE-2019-11586 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
4.3
2019-08-23 CVE-2019-11585 Open Redirect vulnerability in Atlassian Jira
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
network
low complexity
atlassian CWE-601
6.1