Atlassian Jira Data Center — known CVE vulnerabilities
Every CVE whose affected-product data names Atlassian Jira Data Center, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (79)
CVE-2022-0540 — CVSS 9.8 (critical): A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2020-36239 — CVSS 9.8 (critical): Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2025-22157 — CVSS 8.8 (high): This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2019-20419 — CVSS 7.8 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking…
CVE-2020-14178 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure…
CVE-2021-39113 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after…
CVE-2019-20413 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2020-14167 — CVSS 7.5 (high): The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2…
CVE-2021-43947 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code…
CVE-2021-39128 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA…
CVE-2019-15001 — CVSS 7.2 (high): The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from…
CVE-2022-36799 — CVSS 7.2 (high): This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented…
CVE-2021-43944 — CVSS 7.2 (high): This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented…
CVE-2021-43941 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including…
CVE-2021-41308 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File…
CVE-2024-21685 — CVSS 6.5 (medium): This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This…
CVE-2019-20410 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information…
CVE-2022-26135 — CVSS 6.5 (medium): A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the…
CVE-2021-39126 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request…
CVE-2025-22167 — CVSS 6.5 (medium): This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0…
CVE-2021-43946 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter…
CVE-2019-20897 — CVSS 6.5 (medium): The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of…
CVE-2021-26080 — CVSS 6.1 (medium): EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from…
CVE-2021-26079 — CVSS 6.1 (medium): The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version…
CVE-2020-4022 — CVSS 6.1 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2022-36801 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2021-41304 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2020-36236 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2021-39111 — CVSS 6.1 (medium): The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before…
CVE-2020-36288 — CVSS 6.1 (medium): The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and…
CVE-2020-14168 — CVSS 5.9 (medium): The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0…
CVE-2021-39116 — CVSS 5.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2020-4024 — CVSS 5.4 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2019-20414 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2020-14173 — CVSS 5.4 (medium): The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or…
CVE-2020-4021 — CVSS 5.4 (medium): Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2021-26082 — CVSS 5.4 (medium): The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2021-26083 — CVSS 5.4 (medium): Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2021-26069 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate…
CVE-2020-36289 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure…
CVE-2020-36287 — CVSS 5.3 (medium): The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5…
CVE-2021-26081 — CVSS 5.3 (medium): REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0…
CVE-2020-36286 — CVSS 5.3 (medium): The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2020-36238 — CVSS 5.3 (medium): The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2021-39122 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information…
CVE-2021-39127 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a…
CVE-2020-29453 — CVSS 5.3 (medium): The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from…
CVE-2020-14179 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom…
CVE-2019-20899 — CVSS 5.3 (medium): The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated…
CVE-2019-20412 — CVSS 5.3 (medium): The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the…
CVE-2019-20403 — CVSS 5.3 (medium): The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or…
CVE-2020-36234 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2019-20900 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2021-39112 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse…
CVE-2020-4025 — CVSS 4.8 (medium): The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and…
CVE-2019-20100 — CVSS 4.7 (medium): The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all…
CVE-2020-14174 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure…
CVE-2021-41313 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch…
CVE-2019-20099 — CVSS 4.3 (medium): The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site…
CVE-2021-39121 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira…
CVE-2019-20415 — CVSS 4.3 (medium): Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a…
CVE-2021-43952 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of…
CVE-2019-20098 — CVSS 4.3 (medium): The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site…
CVE-2019-15002 — CVSS 4.3 (medium): An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As…
CVE-2019-20411 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request…
CVE-2019-20407 — CVSS 4.3 (medium): The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote…
CVE-2021-26075 — CVSS 4.3 (medium): The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before…
CVE-2019-20404 — CVSS 4.3 (medium): The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles…
CVE-2020-36231 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have…
CVE-2020-4029 — CVSS 4.3 (medium): The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before…
CVE-2019-20106 — CVSS 4.3 (medium): Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before…
CVE-2019-20405 — CVSS 4.3 (medium): The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring…
CVE-2021-26076 — CVSS 3.7 (low): The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0…
CVE-2021-26071 — CVSS 3.5 (low): The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and…