501 Total Results
Displaying 281-290 of 501
Attacker Value
Unknown

CVE-2019-8449

Disclosure Date: September 11, 2019 (last updated November 27, 2024)
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
Attacker Value
Unknown

CVE-2019-14995

Disclosure Date: September 11, 2019 (last updated November 27, 2024)
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Attacker Value
Unknown

CVE-2019-14997

Disclosure Date: September 11, 2019 (last updated November 27, 2024)
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN.
Attacker Value
Unknown

CVE-2019-3394

Disclosure Date: August 29, 2019 (last updated November 27, 2024)
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read arbitrary files on the server under the <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credentials will potentially be leaked only if the Confluence server is configured to use LDAP as its user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.
Attacker Value
Unknown

CVE-2019-11586

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
Attacker Value
Unknown

CVE-2019-11584

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the priority icon URL of an issue priority.
Attacker Value
Unknown

CVE-2019-11587

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).
Attacker Value
Unknown

CVE-2019-8444

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in image attribute specification.
Attacker Value
Unknown

CVE-2019-11589

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases obtain a user's cross-site request forgery (CSRF) token, via an open redirect vulnerability.
Attacker Value
Unknown

CVE-2019-8447

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.