Atlassian: >> Jira >> 8.5.0 Security Vulnerabilities
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
CVSS Score
9.8
EPSS Score
0.035
Published
2020-06-23
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-02-06
Page 7