Atlassian: >> Jira Server >> 7.13.5 Security Vulnerabilities
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-23
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-23
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.
CVSS Score
5.3
EPSS Score
0.006
Published
2019-08-23
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVSS Score
5.3
EPSS Score
0.73
Published
2019-08-23
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-08-23
Page 4