Shodan
Vulnerabilities
Vulnerable Software
Atlassian:  >> Jira  >> 7.7.0  Security Vulnerabilities
CVE-2019-8443
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
CVSS Score
8.1
EPSS Score
0.008
Published
2019-05-22
CVE-2019-3401
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVSS Score
5.3
EPSS Score
0.833
Published
2019-05-22
CVE-2019-3402
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
CVSS Score
6.1
EPSS Score
0.334
Published
2019-05-22
CVE-2019-3403
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVSS Score
5.3
EPSS Score
0.828
Published
2019-05-22
CVE-2018-20824
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
CVSS Score
6.1
EPSS Score
0.503
Published
2019-05-03
CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-04-30
CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved