The host is installed with Atlassian Jira Server before 8.5.10, or 8.6.0 before 8.13.1 and is prone to a username enumeration vulnerability. A flaw is present in the application which fails to properly handle the password reset page. Successful exploitation could allow remote attackers to discover the usernames of users.
The host is installed with Atlassian Jira Server before 8.5.13, 8.6.0 before 8.13.5, or 8.14.0 before 8.15.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle the /rest/api/2/search endpoint. Successful exploitation could allow remote attackers to view users' emails.
The host is installed with Atlassian Jira Server before 8.5.18, 8.6.0 before 8.13.10, or 8.14.0 before 8.18.2 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle the /rest/api/latest/projectvalidate/key endpoint. Successful exploitation could allow remote attackers to enumerate the keys of private Jira projects.
The host is installed with Atlassian Jira Server before 8.13.9, or 8.14.0 before 8.18.0 and is prone to a broken access control vulnerability. A flaw is present in the application which fails to properly handle the allowlist feature. Successful exploitation could allow remote attackers to continue to view cached content even after losing permissions.
The host is installed with Atlassian Jira Server before 8.5.15, 8.6.0 before 8.13.7, 8.14.0 before 8.17.1, or 8.18.0 before 8.18.1 and is prone to a reverse tabnapping vulnerability. A flaw is present in the application which fails to properly handle the Project Shortcuts feature. Successful exploitation could allow remote attackers to redirect users to a malicious URL.
The host is installed with Atlassian Jira Server before 8.5.18, 8.6.0 before 8.13.10, or 8.14.0 before 8.18.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle the supplied content such as from a PDF when pasted into a field such as the description field. Successful exploitation could allow remote attackers to inject arbitrary ...
The host is installed with Atlassian Jira Server before 8.5.14, 8.6.0 before 8.13.6, or 8.14.0 before 8.16.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle the Export HTML Report feature. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript.
The host is installed with Atlassian Jira Server before 8.5.14, 8.6.0 before 8.13.6, or 8.14.0 before 8.17.0 and is prone to a stored XSS vulnerability. A flaw is present in the application which fails to properly handle the XML Export component. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript.
The host is installed with Atlassian Jira Server before 8.5.14, 8.6.0 before 8.13.6, or 8.14.0 before 8.16.1 and is prone to a username enumeration vulnerability. A flaw is present in the application which fails to properly handle a sensitive data exposure vulnerability in the '/rest/api/latest/user/avatar/temporary' endpoint. Successful exploitation could allow remote attackers to discover the us ...
The host is installed with Atlassian Jira Server before 8.5.15, 8.6.0 before 8.13.7, or 8.14.0 before 8.17.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle the CardLayoutConfigTable component. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript.