Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:atlassian:data_center:8.5.13:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-26078 |
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Published: June 07, 2021; 7:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-36287 |
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Published: April 08, 2021; 10:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-26070 |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. Published: March 22, 2021; 1:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2020-36232 |
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. Published: February 22, 2021; 4:15:19 PM -0500 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-36237 |
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Published: February 14, 2021; 7:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |