cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21685,https://securityvulnerability.io/vulnerability/CVE-2024-21685,"High Severity Information Disclosure Vulnerability Affects Jira Core Data Center Versions 9.4.0, 9.12.0, and 9.15.0","A significant information disclosure vulnerability has been identified in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This flaw enables unauthenticated attackers to access sensitive data, raising serious concerns regarding confidentiality. Notably, the vulnerability does not compromise the integrity or availability of the system; however, it requires user interaction to exploit. Atlassian advises all Jira Core Data Center users to upgrade to the latest version to mitigate this risk. If upgrading is not immediately possible, users should update to one of the specified fixed versions: Jira Core Data Center 9.4 (greater than or equal to 9.4.21), 9.12 (greater than or equal to 9.12.8), or 9.16 (greater than or equal to 9.16.0). For further insights, please refer to the detailed release notes and download the latest version from Atlassian's official download center.",Atlassian,Jira Core Data Center,6.5,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-06-18T17:00:00.783Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. 
While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26135,https://securityvulnerability.io/vulnerability/CVE-2022-26135,Server-Side Request Forgery in Atlassian Jira Server and Data Center,"A vulnerability in the Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user to exploit a server-side request forgery through a batch endpoint. 
This flaw permits unauthorized data access, potentially leading to exposure of sensitive information. Affected versions include specific ranges in Jira Server and Data Center, as well as Jira Management Server and Data Center, highlighting the urgency for users to upgrade to secure versions to mitigate risks.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",6.5,MEDIUM,0.027809999883174896,false,,false,false,true,2022-07-07T08:28:02.000Z,true,false,false,,2022-06-30T06:15:00.000Z,0
CVE-2022-0540,https://securityvulnerability.io/vulnerability/CVE-2022-0540,Authentication Bypass in Atlassian Jira Server and Data Center,"A vulnerability in Atlassian's Jira Seraph allows remote, unauthenticated attackers to bypass authentication mechanisms through specially crafted HTTP requests. This issue affects multiple versions of Jira Server and Data Center and also impacts Jira Service Management. Administrators are advised to update their installations to the latest versions to mitigate potential exploitation of this vulnerability.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.1531900018453598,false,,false,false,true,2022-05-25T10:47:04.000Z,true,false,false,,2022-04-20T00:00:00.000Z,0
CVE-2020-36239,https://securityvulnerability.io/vulnerability/CVE-2020-36239,Authentication Vulnerability in Atlassian Jira Data Center Products,"The vulnerability involves the exposure of the Ehcache RMI network service in several versions of Jira Data Center and related products. It allows attackers to execute arbitrary code by deserializing data sent over the network to the vulnerable Ehcache ports. Attackers capable of connecting to these ports can gain unauthorized access, potentially leading to significant compromises of Jira instances. 
Atlassian recommends that users restrict access to these ports and highlights that newer versions now require a shared secret for Ehcache service access to mitigate this security risk.",Atlassian,"Jira Data Center,Jira Core Data Center,Jira Software Data Center,Jira Service Management Data Center",9.8,CRITICAL,0.01128000020980835,false,,false,false,false,,,false,false,,2021-07-29T11:15:00.000Z,0