
Atlassian Jira Data Center

79 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-22167
>= 9.12.0 and < 9.12.28
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in
6.5 MEDIUM
CVE-2025-22157
>= 5.12.0 and < 5.12.20
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of
8.8 HIGH
CVE-2019-15002
>= 7.6.4 and <= 8.1.0
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF
4.3 MEDIUM
CVE-2024-21685
>= 9.4.0 and < 9.4.21
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Cen
6.5 MEDIUM
CVE-2024-21683
>= 9.4.0 and < 9.4.21
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
8.8 HIGH
CVE-2022-36801
< 8.20.8
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
6.1 MEDIUM
CVE-2022-36799
< 8.13.19
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been imple
7.2 HIGH
CVE-2022-26137
>= 8.13.0 and < 8.13.22
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
8.8 HIGH
CVE-2022-26136
>= 8.13.0 and < 8.13.22
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
9.8 CRITICAL
CVE-2022-26135
>= 8.0.0 and < 8.13.22
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined
6.5 MEDIUM
CVE-2022-0540
< 8.13.8
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted H
9.8 CRITICAL
CVE-2021-43944
< 8.13.15
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been imple
7.2 HIGH
CVE-2021-43941
< 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldM
6.5 MEDIUM
CVE-2021-43952
< 8.13.18
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configura
4.3 MEDIUM
CVE-2021-43947
>= 8.14.0 and < 8.20.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitra
7.2 HIGH
CVE-2021-43946
< 8.13.21
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to fil
6.5 MEDIUM
CVE-2021-41313
< 8.20.7
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch
4.3 MEDIUM
CVE-2021-41308
>= 8.7.0 and < 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the
6.5 MEDIUM
CVE-2021-41304
>= 8.14.0 and < 8.20.2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
6.1 MEDIUM
CVE-2021-39127
>= 8.6.0 and < 8.13.1
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint vi
5.3 MEDIUM
CVE-2021-39126
< 8.5.10
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Req
6.5 MEDIUM
CVE-2021-39128
< 8.13.12
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA
7.2 HIGH
CVE-2021-39122
>= 8.6.0 and < 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Informati
5.3 MEDIUM
CVE-2021-39121
>= 8.6.0 and < 8.13.10
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private J
4.3 MEDIUM
CVE-2021-39116
< 8.13.14
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D
5.5 MEDIUM
CVE-2021-39113
>= 8.14.0 and < 8.18.0
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content eve
7.5 HIGH
CVE-2021-39111
>= 8.6.0 and < 8.13.10
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14
6.1 MEDIUM
CVE-2021-39112
>= 8.6.0 and < 8.13.7
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a rever
4.8 MEDIUM
CVE-2021-26086
< 8.5.14
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vu
5.3 MEDIUM
CVE-2020-36239
>= 6.3.0 and < 8.5.16
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, fro
9.8 CRITICAL
CVE-2021-26083
>= 8.6.0 and < 8.13.6
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from
5.4 MEDIUM
CVE-2021-26082
>= 8.6.0 and < 8.13.6
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from ver
5.4 MEDIUM
CVE-2021-26081
>= 8.6.0 and < 8.13.6
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8
5.3 MEDIUM
CVE-2021-26080
< 8.5.14
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, a
6.1 MEDIUM
CVE-2021-26079
>= 8.6.0 and < 8.13.7
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before versi
6.1 MEDIUM
CVE-2020-36289
>= 8.6.0 and < 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Dis
5.3 MEDIUM
CVE-2021-26076
>= 8.6.0 and < 8.13.4
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version
3.7 LOW
CVE-2021-26075
>= 8.6.0 and < 8.13.4
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6
4.3 MEDIUM
CVE-2020-36288
>= 8.6.0 and < 8.13.4
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.
6.1 MEDIUM
CVE-2020-36287
>= 8.14.0 and < 8.15.1
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version
5.3 MEDIUM
CVE-2021-26071
>= 8.6.0 and < 8.13.5
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5
3.5 LOW
CVE-2020-36286
>= 8.6.0 and < 8.13.5
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3 MEDIUM
CVE-2020-36238
>= 8.6.0 and < 8.13.5
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3 MEDIUM
CVE-2021-26069
>= 8.14.0 and < 8.15.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and
5.3 MEDIUM
CVE-2020-29453
>= 8.14.0 and < 8.15.0
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3,
5.3 MEDIUM
CVE-2020-36236
>= 8.6.0 and < 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
6.1 MEDIUM
CVE-2020-36234
>= 8.14.0 and < 8.15.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
4.8 MEDIUM
CVE-2020-36231
>= 8.6.0 and < 8.13.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not h
4.3 MEDIUM
CVE-2020-14179
< 8.5.8
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and
5.3 MEDIUM
CVE-2020-14178
>= 8.0.0 and < 8.5.8
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Dis
7.5 HIGH
CVE-2020-14174
>= 8.0.0 and < 8.5.7
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insec
4.3 MEDIUM
CVE-2019-20900
>= 8.2.1 and < 8.7.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
4.8 MEDIUM
CVE-2019-20899
>= 8.5.5 and < 8.6.1
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via
5.3 MEDIUM
CVE-2019-20897
>= 8.6.0 and < 8.6.2
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial
6.5 MEDIUM
CVE-2020-14173
>= 8.6.0 and < 8.6.2
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary
5.4 MEDIUM
CVE-2019-20419
< 8.5.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vu
7.8 HIGH
CVE-2020-4029
>= 8.6.0 and < 8.7.2
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 be
4.3 MEDIUM
CVE-2020-4025
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center
4.8 MEDIUM
CVE-2020-4024
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
5.4 MEDIUM
CVE-2020-4022
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
6.1 MEDIUM
CVE-2020-14168
>= 8.5.0 and < 8.5.5
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from
5.9 MEDIUM
CVE-2020-14167
>= 8.5.0 and < 8.5.5
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 befor
7.5 HIGH
CVE-2019-20415
>= 8.0.0 and < 8.1.0
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a
4.3 MEDIUM
CVE-2019-20414
>= 8.0.0 and < 8.4.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
5.4 MEDIUM
CVE-2019-20413
>= 8.0.0 and < 8.4.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D
7.5 HIGH
CVE-2019-20412
>= 8.0.0 and < 8.4.2
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumera
5.3 MEDIUM
CVE-2019-20411
>= 7.7.0 and < 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site re
4.3 MEDIUM
CVE-2019-20410
>= 7.7.0 and < 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information
6.5 MEDIUM
CVE-2020-4021
>= 8.0.0 and < 8.5.5
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers t
5.4 MEDIUM
CVE-2019-20407
>= 8.4.1 and < 8.5.3
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remot
4.3 MEDIUM
CVE-2019-20100
>= 7.0.0 and < 8.5.4
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: al
4.7 MEDIUM
CVE-2019-20099
>= 7.6.15 and < 8.5.4
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cr
4.3 MEDIUM
CVE-2019-20098
>= 7.6.15 and < 8.5.4
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to c
4.3 MEDIUM
CVE-2019-20405
>= 7.13.0 and < 8.6.0
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX moni
4.3 MEDIUM
CVE-2019-20404
>= 8.2.4 and < 8.6.0
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project t
4.3 MEDIUM
CVE-2019-20403
>= 7.13.0 and < 8.5.5
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key e
5.3 MEDIUM
CVE-2019-20106
>= 8.0.0 and < 8.5.4
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 bef
4.3 MEDIUM
CVE-2019-15001
>= 7.0.10 and < 7.6.16
The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8
7.2 HIGH
CVE-2018-20239
< 7.13.3
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin