Atlassian Jira Software Data Center — known CVE vulnerabilities
Every CVE whose affected-product data names Atlassian Jira Software Data Center, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2019-20409 — CVSS 9.8 (critical): The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to…
CVE-2020-14172 — CVSS 9.8 (critical): This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been…
CVE-2020-14178 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure…
CVE-2019-20413 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of…
CVE-2021-41311 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access…
CVE-2021-41305 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and…
CVE-2020-14167 — CVSS 7.5 (high): The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2…
CVE-2021-41307 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and…
CVE-2019-20898 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being…
CVE-2021-41306 — CVSS 7.5 (high): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an…
CVE-2019-20897 — CVSS 6.5 (medium): The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of…
CVE-2021-41308 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File…
CVE-2019-20410 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information…
CVE-2019-20418 — CVSS 6.5 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an…
CVE-2020-4022 — CVSS 6.1 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2021-41310 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2020-14164 — CVSS 6.1 (medium): The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or…
CVE-2020-14169 — CVSS 6.1 (medium): The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or…
CVE-2020-36236 — CVSS 6.1 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site…
CVE-2020-14168 — CVSS 5.9 (medium): The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0…
CVE-2020-14173 — CVSS 5.4 (medium): The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or…
CVE-2019-20414 — CVSS 5.4 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2020-4021 — CVSS 5.4 (medium): Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject…
CVE-2020-4024 — CVSS 5.4 (medium): The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before…
CVE-2020-36235 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names…
CVE-2019-20412 — CVSS 5.3 (medium): The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the…
CVE-2020-4028 — CVSS 5.3 (medium): Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in…
CVE-2021-39127 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a…
CVE-2020-14165 — CVSS 5.3 (medium): The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain…
CVE-2019-20899 — CVSS 5.3 (medium): The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated…
CVE-2021-41309 — CVSS 5.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export…
CVE-2019-20402 — CVSS 4.9 (medium): Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without…
CVE-2020-4025 — CVSS 4.8 (medium): The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and…
CVE-2019-20416 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site…
CVE-2019-20106 — CVSS 4.3 (medium): Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before…
CVE-2019-20415 — CVSS 4.3 (medium): Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a…
CVE-2020-4029 — CVSS 4.3 (medium): The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before…
CVE-2020-14174 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure…
CVE-2020-36231 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have…