threatengine.sh
Product
atlassian jira
148 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-49673
< 3.1.2
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attack
8.8
HIGH
CVE-2023-49653
<= 3.11
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Con
6.5
MEDIUM
CVE-2022-29041
< 3.6.1
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version
5.4
MEDIUM
CVE-2021-43945
< 8.20.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to injec
4.8
MEDIUM
CVE-2021-43953
< 8.13.16
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention
4.3
MEDIUM
CVE-2021-43947
< 8.13.15
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitra
7.2
HIGH
CVE-2021-41312
< 8.19.1
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Serv
7.5
HIGH
CVE-2021-41308
< 8.6.0
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the
6.5
MEDIUM
CVE-2021-41307
< 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private pro
7.5
HIGH
CVE-2021-41306
< 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter nam
7.5
HIGH
CVE-2021-41305
< 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects
7.5
HIGH
CVE-2021-41304
< 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
6.1
MEDIUM
CVE-2021-39127
< 8.5.10
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint vi
5.3
MEDIUM
CVE-2021-39125
< 8.5.10
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via
5.3
MEDIUM
CVE-2021-39124
< 8.16.0
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows
4.3
MEDIUM
CVE-2021-39123
< 8.16.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's avai
7.5
HIGH
CVE-2021-39118
< 8.19.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of user
5.3
MEDIUM
CVE-2019-20101
< 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken A
5.3
MEDIUM
CVE-2021-39122
< 8.5.13
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Informati
5.3
MEDIUM
CVE-2021-39121
< 8.5.18
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private J
4.3
MEDIUM
CVE-2021-39119
< 8.19.0
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on
5.3
MEDIUM
CVE-2021-39117
< 8.18.0
The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject
4.8
MEDIUM
CVE-2021-39113
< 8.13.9
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content eve
7.5
HIGH
CVE-2021-39111
< 8.5.18
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14
6.1
MEDIUM
CVE-2021-39112
< 8.5.15
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a rever
4.8
MEDIUM
CVE-2017-18113
< 8.18.1
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can
8.8
HIGH
CVE-2021-26083
< 8.5.14
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from
5.4
MEDIUM
CVE-2021-26082
< 8.5.14
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from ver
5.4
MEDIUM
CVE-2021-26081
< 8.5.14
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8
5.3
MEDIUM
CVE-2021-26079
< 8.5.15
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before versi
6.1
MEDIUM
CVE-2021-26078
< 8.5.14
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8
6.1
MEDIUM
CVE-2020-36289
< 8.5.13
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Dis
5.3
MEDIUM
CVE-2021-26076
< 8.5.12
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version
3.7
LOW
CVE-2021-26075
< 8.5.12
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6
4.3
MEDIUM
CVE-2020-36288
< 8.5.12
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.
6.1
MEDIUM
CVE-2020-36287
< 8.13.5
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version
5.3
MEDIUM
CVE-2021-26071
< 8.5.13
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5
3.5
LOW
CVE-2020-36286
< 8.5.13
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3
MEDIUM
CVE-2020-36238
< 8.5.13
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3
MEDIUM
CVE-2021-26070
< 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-l
7.2
HIGH
CVE-2021-26069
< 8.5.11
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and
5.3
MEDIUM
CVE-2020-29451
< 8.5.11
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Di
4.3
MEDIUM
CVE-2020-36237
< 8.15.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via
5.3
MEDIUM
CVE-2020-36236
< 8.5.11
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
6.1
MEDIUM
CVE-2020-36235
< 8.13.2
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom
5.3
MEDIUM
CVE-2020-36234
< 8.5.11
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
4.8
MEDIUM
CVE-2020-36231
< 8.5.10
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not h
4.3
MEDIUM
CVE-2020-14185
< 7.13.18
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in
5.3
MEDIUM
CVE-2020-14184
< 8.5.9
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scriptin
5.4
MEDIUM
CVE-2020-14183
< 7.13.18
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance
4.3
MEDIUM
CVE-2020-14181
< 7.13.6
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Dis
5.3
MEDIUM
CVE-2020-14178
< 7.13.7
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Dis
7.5
HIGH
CVE-2020-14174
< 7.13.16
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insec
4.3
MEDIUM
CVE-2019-20901
< 8.5.2
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redire
6.1
MEDIUM
CVE-2019-20899
< 8.5.4
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via
5.3
MEDIUM
CVE-2019-20898
< 8.8.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being au
7.5
HIGH
CVE-2019-20897
< 8.5.4
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial
6.5
MEDIUM
CVE-2020-14173
< 8.5.4
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary
5.4
MEDIUM
CVE-2020-14172
< 7.13.0
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b
9.8
CRITICAL
CVE-2019-20418
< 8.8.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via
6.5
MEDIUM
CVE-2020-4029
< 8.5.5
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 be
4.3
MEDIUM
CVE-2020-4025
< 8.5.5
The attachment download resource in Atlassian Jira Server and Data Center
4.8
MEDIUM
CVE-2020-4024
< 8.5.5
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
5.4
MEDIUM
CVE-2020-4022
< 8.5.5
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
6.1
MEDIUM
CVE-2020-14169
< 8.9.1
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML
6.1
MEDIUM
CVE-2020-14168
< 7.13.14
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from
5.9
MEDIUM
CVE-2020-14167
< 7.13.14
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 befor
7.5
HIGH
CVE-2020-14165
< 8.9.0
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obt
5.3
MEDIUM
CVE-2020-14164
< 8.8.2
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML o
6.1
MEDIUM
CVE-2019-20408
< 8.7.0
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of in
5.3
MEDIUM
CVE-2019-20416
< 8.3.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
4.8
MEDIUM
CVE-2019-20415
< 7.13.3
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a
4.3
MEDIUM
CVE-2019-20414
< 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
5.4
MEDIUM
CVE-2019-20413
< 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D
7.5
HIGH
CVE-2019-20412
< 7.13.9
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumera
5.3
MEDIUM
CVE-2019-20411
< 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site re
4.3
MEDIUM
CVE-2019-20410
< 7.6.17
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information
6.5
MEDIUM
CVE-2020-4028
< 8.9.1
Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login pa
5.3
MEDIUM
CVE-2019-20409
< 8.8.0
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac
9.8
CRITICAL
CVE-2020-4021
< 7.13.16
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers t
5.4
MEDIUM
CVE-2012-1500
all versions
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary
5.4
MEDIUM
CVE-2019-20100
>= 7.0.0 and < 8.4.5
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: al
4.7
MEDIUM
CVE-2019-20402
< 8.6.0
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user
4.9
MEDIUM
CVE-2019-20106
< 7.13.12
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 bef
4.3
MEDIUM
CVE-2019-15013
< 7.13.12
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from v
4.3
MEDIUM
CVE-2019-16541
<= 3.0.10
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing
9.9
CRITICAL
CVE-2019-15005
< 8.3.2
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic lo
4.3
MEDIUM
CVE-2019-8449
< 8.4.0
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an i
5.3
MEDIUM
CVE-2019-11588
< 7.13.6
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and fr
4.3
MEDIUM
CVE-2019-11587
< 7.13.6
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and fro
6.5
MEDIUM
CVE-2019-11586
< 7.13.6
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 bef
4.3
MEDIUM
CVE-2019-11585
< 7.13.6
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before ver
6.1
MEDIUM
CVE-2019-11584
< 8.3.2
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via
6.1
MEDIUM
CVE-2018-20827
>= 7.0.0 and < 7.13.1
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cros
5.4
MEDIUM
CVE-2018-20826
< 7.12.3
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues
4.3
MEDIUM
CVE-2019-11583
< 8.1.0
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of se
6.5
MEDIUM
CVE-2019-8443
< 7.13.4
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before ve
8.1
HIGH
CVE-2019-8442
< 7.13.4
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from
7.5
HIGH
CVE-2019-3403
< 7.13.3
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version
5.3
MEDIUM
CVE-2019-3402
< 7.13.3
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote att
6.1
MEDIUM
CVE-2019-3401
< 7.13.3
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers
5.3
MEDIUM
CVE-2018-20824
< 7.13.1
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a c
6.1
MEDIUM
CVE-2019-3399
< 7.13.2
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attacker
7.5
HIGH
CVE-2019-10302
<= 0.8
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master wher
8.8
HIGH
CVE-2018-20232
< 7.6.11
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attack
5.4
MEDIUM
CVE-2018-13404
< 7.6.10
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from vers
4.1
MEDIUM
CVE-2018-13403
< 7.6.10
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, an
5.4
MEDIUM
CVE-2018-1000412
<= 3.0.1
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers wit
8.8
HIGH
CVE-2018-13402
< 7.6.9
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version
6.1
MEDIUM
CVE-2018-13401
< 7.6.9
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 b
6.1
MEDIUM
CVE-2018-13400
< 7.6.9
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8
4.7
MEDIUM
CVE-2018-13395
< 7.6.8
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before versi
6.1
MEDIUM
CVE-2018-13391
< 7.6.8
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8
5.3
MEDIUM
CVE-2017-18104
< 7.6.7
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers
5.9
MEDIUM
CVE-2018-5232
< 7.6.7
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote atta
6.1
MEDIUM
CVE-2018-13387
< 7.6.7
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from vers
6.1
MEDIUM
CVE-2018-5231
< 7.6.6
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.
7.5
HIGH
CVE-2018-5230
< 7.6.6
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before ver
6.1
MEDIUM
CVE-2017-18101
< 7.6.5
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from
6.5
MEDIUM
CVE-2017-18100
< 7.8.1
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript v
6.1
MEDIUM
CVE-2017-18098
< 7.6.1
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScri
6.1
MEDIUM
CVE-2017-18097
< 7.6.1
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administ
5.4
MEDIUM
CVE-2017-18039
>= 6.2.1 and < 7.4.4
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbit
6.1
MEDIUM
CVE-2017-16863
< 7.5.3
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cr
6.1
MEDIUM
CVE-2017-18033
< 7.6.1
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an execu
6.5
MEDIUM
CVE-2017-16865
< 7.6.1
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resou
5.3
MEDIUM
CVE-2017-16864
< 7.4.2
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript vi
6.1
MEDIUM
CVE-2017-16862
< 7.6.2
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whit
4.3
MEDIUM
CVE-2017-14594
< 7.2.12
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remo
6.1
MEDIUM
CVE-2017-5983
all versions
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allo
9.8
CRITICAL
CVE-2016-4319
<= 7.1.8
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
8.8
HIGH
CVE-2016-4318
<= 7.1.8
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
4.8
MEDIUM
CVE-2016-6285
<= 7.2.1
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remo
6.1
MEDIUM
CVE-2014-2314
<= 6.0.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create a
CVE-2014-2313
<= 6.0.4
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitra
CVE-2013-5319
<= 6.0.4
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA bef
CVE-2012-2928
<= 5.0.0
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabil
CVE-2012-2926
< 5.0.1
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,
9.1
CRITICAL
CVE-2010-1165
all versions
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachme
CVE-2010-1164
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary
CVE-2008-6832
all versions
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the au
CVE-2008-6831
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arb
CVE-2008-6531
< 3.13.2
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA meth
CVE-2007-6619
<= 3.12
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is compl
CVE-2007-6618
<= 3.12
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
CVE-2007-6617
<= 3.12
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject
CVE-2006-3339
all versions
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecif
CVE-2006-3338
all versions
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HT