Show filters
39 Total Results
Displaying 11-20 of 39
Sort by:
Attacker Value
Unknown
CVE-2020-36231
Disclosure Date: January 21, 2021 (last updated February 22, 2025)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
0
Attacker Value
Unknown
CVE-2020-14178
Disclosure Date: September 01, 2020 (last updated November 28, 2024)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.
0
Attacker Value
Unknown
CVE-2020-14174
Disclosure Date: July 08, 2020 (last updated February 21, 2025)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.
0
Attacker Value
Unknown
CVE-2019-20410
Disclosure Date: July 03, 2020 (last updated November 28, 2024)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.
0
Attacker Value
Unknown
CVE-2020-4022
Disclosure Date: July 01, 2020 (last updated February 21, 2025)
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
0
Attacker Value
Unknown
CVE-2020-14164
Disclosure Date: July 01, 2020 (last updated February 21, 2025)
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
0
Attacker Value
Unknown
CVE-2020-14165
Disclosure Date: July 01, 2020 (last updated November 28, 2024)
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
0
Attacker Value
Unknown
CVE-2020-14169
Disclosure Date: July 01, 2020 (last updated February 21, 2025)
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
0
Attacker Value
Unknown
CVE-2020-4025
Disclosure Date: July 01, 2020 (last updated February 21, 2025)
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
0
Attacker Value
Unknown
CVE-2020-14167
Disclosure Date: July 01, 2020 (last updated November 28, 2024)
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.
0
