jira software data center · threatengine.sh

Home/Product/atlassian jira software data center

Product

atlassian jira software data center

39 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had it

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked t

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private pro

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter nam

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint vi

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cro

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not h

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Dis

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insec

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being au

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 be

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Serve

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 befor

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obt

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML o

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cro

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a D

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumera

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login pa

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers t

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 bef

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin