Product

atlassian jira server

135 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-22167
>= 9.12.0 and < 9.12.28
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in
6.5MEDIUM
CVE-2025-22157
>= 9.12.0 and < 9.12.20
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of
8.8HIGH
CVE-2019-15002
>= 7.6.4 and <= 8.1.0
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF
4.3MEDIUM
CVE-2024-21685
>= 9.4.0 and < 9.4.21
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Cen
6.5MEDIUM
CVE-2024-21683
>= 9.4.0 and < 9.4.21
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
8.8HIGH
CVE-2022-36801
< 8.20.8
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
6.1MEDIUM
CVE-2022-36799
< 8.13.19
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been imple
7.2HIGH
CVE-2022-26137
>= 8.13.0 and < 8.13.22
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
8.8HIGH
CVE-2022-26136
>= 8.13.0 and < 8.13.22
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
9.8CRITICAL
CVE-2022-26135
>= 8.0.0 and < 8.13.22
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined
6.5MEDIUM
CVE-2022-0540
< 8.13.8
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted H
9.8CRITICAL
CVE-2021-43944
< 8.13.15
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been imple
7.2HIGH
CVE-2021-43941
< 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldM
6.5MEDIUM
CVE-2021-43952
< 8.13.18
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configura
4.3MEDIUM
CVE-2021-43947
>= 8.14.0 and < 8.20.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitra
7.2HIGH
CVE-2021-43946
< 8.13.21
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to fil
6.5MEDIUM
CVE-2021-43942
>= 8.14.0 and < 8.20.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Ref
6.1MEDIUM
CVE-2021-41313
< 8.20.7
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch
4.3MEDIUM
CVE-2021-41308
>= 8.7.0 and < 8.13.12
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the
6.5MEDIUM
CVE-2021-41307
>= 8.14.0 and < 8.20.0
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private pro
7.5HIGH
CVE-2021-41306
>= 8.14.0 and < 8.20.0
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter nam
7.5HIGH
CVE-2021-41304
>= 8.14.0 and < 8.20.2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
6.1MEDIUM
CVE-2021-39127
>= 8.6.0 and < 8.13.1
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint vi
5.3MEDIUM
CVE-2021-39126
< 8.5.10
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Req
6.5MEDIUM
CVE-2021-39128
< 8.13.12
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA
7.2HIGH
CVE-2021-39125
>= 8.6.0 and < 8.13.1
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via
5.3MEDIUM
CVE-2021-39122
>= 8.6.0 and < 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Informati
5.3MEDIUM
CVE-2021-39121
>= 8.6.0 and < 8.13.10
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private J
4.3MEDIUM
CVE-2021-39116
< 8.13.14
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D
5.5MEDIUM
CVE-2021-39113
>= 8.14.0 and < 8.18.0
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content eve
7.5HIGH
CVE-2021-39111
>= 8.6.0 and < 8.13.10
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14
6.1MEDIUM
CVE-2021-39112
>= 8.6.0 and < 8.13.7
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a rever
4.8MEDIUM
CVE-2021-26086
< 8.5.14
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vu
5.3MEDIUM
CVE-2021-26083
>= 8.6.0 and < 8.13.6
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from
5.4MEDIUM
CVE-2021-26082
>= 8.6.0 and < 8.13.6
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from ver
5.4MEDIUM
CVE-2021-26081
>= 8.6.0 and < 8.13.6
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8
5.3MEDIUM
CVE-2021-26080
< 8.5.14
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, a
6.1MEDIUM
CVE-2021-26079
>= 8.6.0 and < 8.13.7
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before versi
6.1MEDIUM
CVE-2021-26078
>= 8.6.0 and < 8.13.6
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8
6.1MEDIUM
CVE-2020-36289
>= 8.6.0 and < 8.13.5
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Dis
5.3MEDIUM
CVE-2021-26076
>= 8.6.0 and < 8.13.4
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version
3.7LOW
CVE-2021-26075
>= 8.6.0 and < 8.13.4
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6
4.3MEDIUM
CVE-2020-36288
>= 8.6.0 and < 8.13.4
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.
6.1MEDIUM
CVE-2020-36287
>= 8.14.0 and < 8.15.1
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version
5.3MEDIUM
CVE-2021-26071
>= 8.6.0 and < 8.13.5
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5
3.5LOW
CVE-2020-36286
>= 8.6.0 and < 8.13.5
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3MEDIUM
CVE-2020-36238
>= 8.6.0 and < 8.13.5
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5,
5.3MEDIUM
CVE-2021-26070
>= 8.14.0 and < 8.14.1
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-l
7.2HIGH
CVE-2021-26069
>= 8.6.0 and < 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and
5.3MEDIUM
CVE-2020-29453
>= 8.5.10 and < 8.5.11
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3,
5.3MEDIUM
CVE-2020-29451
>= 8.6.0 and < 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Di
4.3MEDIUM
CVE-2020-36236
>= 8.6.0 and < 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
6.1MEDIUM
CVE-2020-36235
>= 8.14.0 and < 8.14.1
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom
5.3MEDIUM
CVE-2020-36234
>= 8.6.0 and < 8.13.3
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro
4.8MEDIUM
CVE-2020-36231
>= 8.6.0 and < 8.13.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not h
4.3MEDIUM
CVE-2020-14185
>= 8.0.0 and < 8.5.9
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in
5.3MEDIUM
CVE-2020-14184
>= 8.6.0 and < 8.12.3
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scriptin
5.4MEDIUM
CVE-2020-14179
< 8.5.8
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and
5.3MEDIUM
CVE-2020-14177
< 7.13.16
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a R
6.5MEDIUM
CVE-2020-14181
>= 8.0.0 and < 8.5.7
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Dis
5.3MEDIUM
CVE-2020-14178
>= 8.0.0 and < 8.5.8
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Dis
7.5HIGH
CVE-2020-14174
>= 8.0.0 and < 8.5.7
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insec
4.3MEDIUM
CVE-2019-20901
all versions
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redire
6.1MEDIUM
CVE-2019-20900
>= 8.2.1 and < 8.7.0
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
4.8MEDIUM
CVE-2019-20899
>= 8.5.5 and < 8.6.1
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via
5.3MEDIUM
CVE-2019-20897
>= 8.6.0 and < 8.6.2
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial
6.5MEDIUM
CVE-2020-14173
>= 8.6.0 and < 8.6.2
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary
5.4MEDIUM
CVE-2019-20419
< 8.5.5
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vu
7.8HIGH
CVE-2020-4029
>= 8.6.0 and < 8.7.2
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 be
4.3MEDIUM
CVE-2020-4025
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center
4.8MEDIUM
CVE-2020-4024
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
5.4MEDIUM
CVE-2020-4022
>= 8.6.0 and < 8.8.2
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.
6.1MEDIUM
CVE-2020-14168
>= 8.5.0 and < 8.5.5
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from
5.9MEDIUM
CVE-2020-14167
>= 8.5.0 and < 8.5.5
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 befor
7.5HIGH
CVE-2019-20415
>= 8.0.0 and < 8.1.0
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a
4.3MEDIUM
CVE-2019-20414
>= 8.0.0 and < 8.4.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro
5.4MEDIUM
CVE-2019-20413
>= 8.0.0 and < 8.4.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D
7.5HIGH
CVE-2019-20412
>= 8.0.0 and < 8.4.2
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumera
5.3MEDIUM
CVE-2019-20411
>= 8.0.0 and < 8.4.2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site re
4.3MEDIUM
CVE-2019-20410
>= 7.7.0 and < 7.13.9
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information
6.5MEDIUM
CVE-2020-4021
>= 8.0.0 and < 8.5.5
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers t
5.4MEDIUM
CVE-2019-20407
>= 8.4.1 and < 8.5.3
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remot
4.3MEDIUM
CVE-2019-20100
>= 8.5.5 and < 8.6.2
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: al
4.7MEDIUM
CVE-2019-20099
>= 7.6.15 and < 8.5.4
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cr
4.3MEDIUM
CVE-2019-20098
>= 7.6.15 and < 8.5.4
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to c
4.3MEDIUM
CVE-2019-20405
>= 7.13.0 and < 8.6.0
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX moni
4.3MEDIUM
CVE-2019-20404
>= 8.2.4 and < 8.6.0
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project t
4.3MEDIUM
CVE-2019-20403
> 7.13.0 and < 8.5.5
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key e
5.3MEDIUM
CVE-2019-20401
>= 7.6.15 and < 8.5.2
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has n
6.5MEDIUM
CVE-2019-20400
>= 8.3.2 and < 8.5.2
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the
7.8HIGH
CVE-2019-20106
>= 8.0.0 and < 8.5.4
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 bef
4.3MEDIUM
CVE-2019-15013
>= 8.0.0 and < 8.4.3
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from v
4.3MEDIUM
CVE-2019-15001
>= 7.0.10 and < 7.6.16
The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8
7.2HIGH
CVE-2019-8451
>= 7.6.0 and < 8.4.0
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of in
6.5MEDIUM
CVE-2019-8450
>= 7.13.0 and < 7.13.6
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remo
4.8MEDIUM
CVE-2019-14998
>= 7.4.0 and < 8.4.0
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attacker
6.5MEDIUM
CVE-2019-14997
>= 7.13.0 and < 8.4.0
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, inclu
4.3MEDIUM
CVE-2019-14996
>= 7.12.0 and < 7.13.7
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attac
6.1MEDIUM
CVE-2019-14995
>= 7.6.0 and < 8.4.0
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment wit
5.3MEDIUM
CVE-2019-8447
>= 7.13.0 and < 8.3.2
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cr
4.3MEDIUM
CVE-2019-8446
>= 7.6 and < 8.3.2
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorr
5.3MEDIUM
CVE-2019-8445
>= 7.13.0 and < 7.13.7
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers t
5.3MEDIUM
CVE-2019-8444
>= 7.7 and < 7.13.6
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to i
5.4MEDIUM
CVE-2019-11589
>= 7.13.0 and < 7.13.6
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.
6.1MEDIUM
CVE-2019-11588
>= 8.0.0 and < 8.2.3
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and fr
4.3MEDIUM
CVE-2019-11587
>= 8.0.0 and < 8.2.3
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and fro
6.5MEDIUM
CVE-2019-11586
>= 8.0.0 and < 8.2.3
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 bef
4.3MEDIUM
CVE-2019-11585
>= 8.0.0 and < 8.2.3
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before ver
6.1MEDIUM
CVE-2019-8448
>= 7.11.0 and < 7.13.4
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enume
5.3MEDIUM
CVE-2019-11581
>= 4.4 and < 7.6.14
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send
9.8CRITICAL
CVE-2019-8443
>= 8.0.0 and < 8.0.4
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before ve
8.1HIGH
CVE-2019-8442
>= 8.0.0 and < 8.0.4
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from
7.5HIGH
CVE-2019-3403
>= 8.0.0 and < 8.0.4
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version
5.3MEDIUM
CVE-2019-3402
>= 8.0.0 and < 8.1.1
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote att
6.1MEDIUM
CVE-2019-3401
>= 8.0.0 and < 8.1.1
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers
5.3MEDIUM
CVE-2019-3400
< 7.13.2
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arb
6.1MEDIUM
CVE-2019-3399
>= 8.0.0 and < 8.0.2
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attacker
7.5HIGH
CVE-2018-20239
< 7.13.3
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef
5.4MEDIUM
CVE-2018-20232
>= 7.7.0 and < 7.13.1
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attack
5.4MEDIUM
CVE-2018-13404
>= 7.7.0 and < 7.7.5
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from vers
4.1MEDIUM
CVE-2018-13403
>= 7.7.0 and <= 7.12.3
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, an
5.4MEDIUM
CVE-2018-13402
>= 7.7.0 and < 7.7.5
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version
6.1MEDIUM
CVE-2018-13401
>= 7.7.0 and < 7.7.5
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 b
6.1MEDIUM
CVE-2018-13400
>= 7.7.0 and < 7.7.5
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8
4.7MEDIUM
CVE-2018-13395
>= 7.7.0 and < 7.7.5
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before versi
6.1MEDIUM
CVE-2018-13391
>= 7.7.0 and < 7.7.5
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8
5.3MEDIUM
CVE-2017-18104
>= 7.7.0 and < 7.11.0
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers
5.9MEDIUM
CVE-2018-5232
>= 7.7.0 and < 7.10.1
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote atta
6.1MEDIUM
CVE-2018-13387
>= 7.7.0 and < 7.7.5
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from vers
6.1MEDIUM
CVE-2018-5231
>= 7.7.0 and < 7.7.4
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.
7.5HIGH
CVE-2018-5230
>= 7.7.0 and < 7.7.4
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before ver
6.1MEDIUM
CVE-2017-18102
>= 7.5.0 and < 7.6.8
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitra
5.4MEDIUM
CVE-2017-18101
>= 7.7.0 and < 7.7.3
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from
6.5MEDIUM
CVE-2017-14594
>= 7.3.0 and < 7.6.1
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remo
6.1MEDIUM
CVE-2015-8481
all versions
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-ma
3.1LOW
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin