The host is installed with Atlassian Jira Server before 7.13.3, 8.0.0 before 8.0.4 or 8.1.0 before 8.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle issues in the /rest/api/2/user/picker REST resource. Successful exploitation could allow remote attackers to enumerate usernames via an incorrect authorisation check.
The host is installed with Atlassian Jira Server before 7.13.3 or 8.0.0 before 8.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle issues in ConfigurePortalPages.jspa. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the searchOwne ...
The host is installed with Atlassian Jira Server 7.13.3 or 8.0.0 before 8.1.1 and is prone to an incorrect authorization vulnerability. A flaw is present in the application which fails to properly handle issues in the ManageFilters.jspa resource. Successful exploitation could allow remote attackers to enumerate usernames via an incorrect authorisation check.
The host is installed with Atlassian Jira Server before 7.13.2 or 8.0.0 before 8.0.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle issues in the labels gadget. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jql parameter.
The host is installed with Atlassian Jira Server before 7.13.2 or 8.0.0 before 8.0.2 and is prone to an incorrect authorization vulnerability. A flaw is present in the application which fails to properly handle issues in the BrowseProjects.jspa resource. Successful exploitation could allow remote attackers to see information for archived projects through a missing authorisation check.
The host is installed with Atlassian Jira Server before 8.5.2 or 8.6.0 before 8.6.1 and is prone to an open redirect vulnerability. A flaw is present in the application which fails to properly handle issues in the os_destination parameter. Successful exploitation could allow remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the ...
The host is installed with Atlassian Jira Server before 8.5.4 or 8.6.0 before 8.6.1 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to properly handle issues in the Gadget API. Successful exploitation could allow remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API.
The host is installed with Atlassian Jira Server before 8.13.12, or 8.14.0 before 8.20.0 and is prone to an insecure direct object references (IDOR) vulnerability. A flaw is present in the application which fails to properly handle the Workload Pie Chart Gadget. Successful exploitation could allow remote attackers to view the names of private projects and private filters.
The host is installed with Atlassian Jira Server before 8.13.12, or 8.14.0 before 8.20.0 and is prone to an insecure direct object references (IDOR) vulnerability. A flaw is present in the application which fails to properly handle the Average Time in Status Gadget. Successful exploitation could allow remote attackers to view private project and filter names.
The host is installed with Atlassian Jira Server before 8.5.10, or 8.6.0 before 8.13.1 and is prone to a broken access control vulnerability. A flaw is present in the application which fails to properly handle the query component JQL endpoint. Successful exploitation could allow remote attackers to access the query component JQL endpoint.