Every CVE whose affected-product data names Atlassian Jira Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (135)
CVE-2022-0540 — CVSS 9.8 (critical): A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2025-22157 — CVSS 8.8 (high): This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2019-8443 — CVSS 8.1 (high): The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version…
CVE-2019-20400 — CVSS 7.8 (high): The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global…
CVE-2019-20419 — CVSS 7.8 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking…
CVE-2021-41306 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an…
CVE-2021-41307 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and…
CVE-2019-8442 — CVSS 7.5 (high): The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version…
CVE-2020-14167 — CVSS 7.5 (high): The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2…
CVE-2021-39113 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after…
CVE-2020-14178 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure…
CVE-2019-3399 — CVSS 7.5 (high): The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see…
CVE-2018-5231 — CVSS 7.5 (high): The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before…
CVE-2019-20413 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2021-43947 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code…
CVE-2022-36799 — CVSS 7.2 (high): This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented…
CVE-2019-15001 — CVSS 7.2 (high): The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from…
CVE-2021-43944 — CVSS 7.2 (high): This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented…
CVE-2021-39128 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA…
CVE-2021-26070 — CVSS 7.2 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked…
CVE-2019-8451 — CVSS 6.5 (medium): The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal…
CVE-2021-43946 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter…
CVE-2019-11587 — CVSS 6.5 (medium): Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version…
CVE-2024-21685 — CVSS 6.5 (medium): This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This…
CVE-2019-20401 — CVSS 6.5 (medium): Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet…
CVE-2019-20897 — CVSS 6.5 (medium): The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of…
CVE-2021-39126 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request…
CVE-2025-22167 — CVSS 6.5 (medium): This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0…
CVE-2022-26135 — CVSS 6.5 (medium): A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the…
CVE-2020-14177 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a…
CVE-2021-43941 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including…
CVE-2021-41308 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File…
CVE-2017-18101 — CVSS 6.5 (medium): Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version…
CVE-2019-20410 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information…
CVE-2019-14998 — CVSS 6.5 (medium): The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to…
CVE-2020-36288 — CVSS 6.1 (medium): The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and…
CVE-2019-3402 — CVSS 6.1 (medium): The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to…
CVE-2021-39111 — CVSS 6.1 (medium): The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before…
CVE-2018-13395 — CVSS 6.1 (medium): Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5…
CVE-2019-11589 — CVSS 6.1 (medium): The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before…
CVE-2019-14996 — CVSS 6.1 (medium): The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to…
CVE-2018-5230 — CVSS 6.1 (medium): The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version…
CVE-2021-26079 — CVSS 6.1 (medium): The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version…
CVE-2017-14594 — CVSS 6.1 (medium): The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote…
CVE-2021-26078 — CVSS 6.1 (medium): The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6…
CVE-2021-43942 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected…
CVE-2018-13402 — CVSS 6.1 (medium): Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5…
CVE-2021-41304 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2018-13401 — CVSS 6.1 (medium): The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2018-13387 — CVSS 6.1 (medium): The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0…
CVE-2020-4022 — CVSS 6.1 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2020-36236 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2019-20901 — CVSS 6.1 (medium): The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users…
CVE-2019-3400 — CVSS 6.1 (medium): The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary…
CVE-2018-5232 — CVSS 6.1 (medium): The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to…
CVE-2022-36801 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2021-26080 — CVSS 6.1 (medium): EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from…
CVE-2019-11585 — CVSS 6.1 (medium): The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version…
CVE-2020-14168 — CVSS 5.9 (medium): The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0…
CVE-2017-18104 — CVSS 5.9 (medium): The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are…
CVE-2021-39116 — CVSS 5.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2021-26083 — CVSS 5.4 (medium): Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2017-18102 — CVSS 5.4 (medium): The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML…
CVE-2018-13403 — CVSS 5.4 (medium): The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from…
CVE-2018-20232 — CVSS 5.4 (medium): The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2019-20414 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2019-8444 — CVSS 5.4 (medium): The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject…
CVE-2020-14173 — CVSS 5.4 (medium): The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or…
CVE-2020-14184 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS)…
CVE-2020-4021 — CVSS 5.4 (medium): Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject…
CVE-2020-4024 — CVSS 5.4 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2021-26082 — CVSS 5.4 (medium): The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…
CVE-2020-29453 — CVSS 5.3 (medium): The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from…
CVE-2020-36235 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names…
CVE-2020-14179 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom…
CVE-2020-36238 — CVSS 5.3 (medium): The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2020-36286 — CVSS 5.3 (medium): The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from…
CVE-2020-36287 — CVSS 5.3 (medium): The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5…
CVE-2020-36289 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure…
CVE-2021-26069 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate…
CVE-2019-8448 — CVSS 5.3 (medium): The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate…
CVE-2019-8446 — CVSS 5.3 (medium): The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect…
CVE-2019-8445 — CVSS 5.3 (medium): Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view…
CVE-2021-26081 — CVSS 5.3 (medium): REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0…
CVE-2018-13391 — CVSS 5.3 (medium): The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2019-3403 — CVSS 5.3 (medium): The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0…
CVE-2019-3401 — CVSS 5.3 (medium): The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to…
CVE-2021-39122 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information…
CVE-2021-39125 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an…
CVE-2019-20899 — CVSS 5.3 (medium): The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated…
CVE-2021-39127 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a…
CVE-2019-20412 — CVSS 5.3 (medium): The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the…
CVE-2019-20403 — CVSS 5.3 (medium): The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or…
CVE-2019-14995 — CVSS 5.3 (medium): The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a…
CVE-2020-14181 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure…
CVE-2020-14185 — CVSS 5.3 (medium): Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the…
CVE-2020-36234 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2019-20900 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2020-4025 — CVSS 4.8 (medium): The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and…
CVE-2019-8450 — CVSS 4.8 (medium): Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote…
CVE-2021-39112 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse…
CVE-2019-20100 — CVSS 4.7 (medium): The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all…
CVE-2018-13400 — CVSS 4.7 (medium): Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before…
CVE-2020-36231 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have…
CVE-2019-14997 — CVSS 4.3 (medium): The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including…
CVE-2019-11586 — CVSS 4.3 (medium): The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before…
CVE-2019-20415 — CVSS 4.3 (medium): Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a…
CVE-2019-11588 — CVSS 4.3 (medium): The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from…
CVE-2019-20411 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request…
CVE-2019-20407 — CVSS 4.3 (medium): The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote…
CVE-2020-14174 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure…
CVE-2019-20099 — CVSS 4.3 (medium): The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site…
CVE-2021-43952 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of…
CVE-2019-20098 — CVSS 4.3 (medium): The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site…
CVE-2021-39121 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira…
CVE-2019-15013 — CVSS 4.3 (medium): The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version…
CVE-2019-15002 — CVSS 4.3 (medium): An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As…
CVE-2019-8447 — CVSS 4.3 (medium): The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site…
CVE-2019-20404 — CVSS 4.3 (medium): The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles…
CVE-2020-29451 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure…
CVE-2019-20106 — CVSS 4.3 (medium): Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before…
CVE-2020-4029 — CVSS 4.3 (medium): The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before…
CVE-2019-20405 — CVSS 4.3 (medium): The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring…
CVE-2021-41313 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch…
CVE-2021-26075 — CVSS 4.3 (medium): The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before…
CVE-2018-13404 — CVSS 4.1 (medium): The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0…
CVE-2021-26076 — CVSS 3.7 (low): The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0…
CVE-2021-26071 — CVSS 3.5 (low): The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and…
CVE-2015-8481 — CVSS 3.1 (low): Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail…