cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-15002,https://securityvulnerability.io/vulnerability/CVE-2019-15002,Cross-Site Request Forgery in Atlassian Jira Affects Multiple Versions,"An exploitable Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira allows attackers to submit unauthorized login requests without requiring a CSRF token. This flaw permits malicious actors to log users into the application under unexpected accounts, posing significant security risks. Affected versions range from 7.6.4 to 8.1.0, highlighting the importance of updating to secure versions to safeguard against potential exploits.",Atlassian,"Jira Server,Jira Data Center",,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T17:24:15.763Z,0
CVE-2024-21685,https://securityvulnerability.io/vulnerability/CVE-2024-21685,"High Severity Information Disclosure Vulnerability Affects Jira Core Data Center Versions 9.4.0, 9.12.0, and 9.15.0","A significant information disclosure vulnerability has been identified in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This flaw enables unauthenticated attackers to access sensitive data, raising serious concerns regarding confidentiality. Notably, the vulnerability does not compromise the integrity or availability of the system; however, it requires user interaction to exploit. Atlassian advises all Jira Core Data Center users to upgrade to the latest version to mitigate this risk. If upgrading is not immediately possible, users should update to one of the specified fixed versions: Jira Core Data Center 9.4 (greater than or equal to 9.4.21), 9.12 (greater than or equal to 9.12.8), or 9.16 (greater than or equal to 9.16.0).
For further insights, please refer to the detailed release notes and download the latest version from Atlassian's official download center.",Atlassian,Jira Core Data Center,6.5,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-06-18T17:00:00.783Z,0
CVE-2023-22501,https://securityvulnerability.io/vulnerability/CVE-2023-22501,Impersonation Vulnerability in Jira Service Management by Atlassian,"An authentication flaw has been identified in Jira Service Management Server and Data Center which allows an attacker to impersonate legitimate users. Under specific conditions, particularly when write access is provided to a User Directory and outgoing email is active, attackers can exploit vulnerabilities to gain access to signup tokens for accounts that have never logged in. This can occur if the attacker interacts with Jira issues or requests a user is involved in, or if the attacker successfully intercepts emails with 'View Request' links sent to those users. Accounts with bot privileges and those associated with external single sign-on are especially vulnerable, making proper safeguards essential for maintaining user integrity.",Atlassian,"Jira Service Management Data Center,Jira Service Management Server",9.1,CRITICAL,0.002360000042244792,false,,false,false,false,,,false,false,,2023-02-01T19:15:00.000Z,0
CVE-2022-36801,https://securityvulnerability.io/vulnerability/CVE-2022-36801,Reflected Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center,"A serious vulnerability in Atlassian Jira Server and Data Center allows unauthorized attackers to exploit the TeamManagement.jspa endpoint, enabling the injection of arbitrary HTML or JavaScript. This flaw can facilitate a range of attacks, potentially compromising user data and application integrity.
Affected users should upgrade to versions 8.20.8 or later to secure their systems against this risk.",Atlassian,"Jira Server,Jira Data Center",6.1,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-08-10T03:15:00.000Z,0
CVE-2022-36800,https://securityvulnerability.io/vulnerability/CVE-2022-36800,Information Disclosure in Atlassian Jira Service Management Server and Data Center,"An information disclosure vulnerability exists in certain versions of Atlassian Jira Service Management Server and Data Center. This vulnerability allows remote attackers who lack the 'Browse Users' permission to access and view groups via the browsegroups.action endpoint, potentially exposing sensitive user data and group associations.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-08-03T00:00:00.000Z,0
CVE-2022-36799,https://securityvulnerability.io/vulnerability/CVE-2022-36799,Template Injection Vulnerability in Atlassian Jira Server and Data Center,"A vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers with system administrator permissions to exploit template injection vulnerabilities in the Email Templates feature. This flaw could permit the execution of arbitrary code, leading to potential remote code execution. The vulnerability arises from inadequate protection via the XStream library in velocity templates.
To mitigate this issue, users are advised to upgrade to fixed versions as indicated.",Atlassian,"Jira Server,Jira Data Center",7.2,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2022-08-01T11:15:00.000Z,0
CVE-2021-43959,https://securityvulnerability.io/vulnerability/CVE-2021-43959,Server-Side Request Forgery Vulnerability in Atlassian Jira Service Management,"A security issue in Atlassian Jira Service Management Server and Data Center's CSV importing feature permits authenticated remote attackers to exploit a Server-Side Request Forgery (SSRF) vulnerability. This flaw can allow unauthorized access to sensitive internal network resources. In particular setups, such as those hosted on Amazon EC2, attackers could leverage this vulnerability to gain access to critical metadata, potentially exposing sensitive credentials and confidential information.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",5.7,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2022-07-26T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits.
While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26135,https://securityvulnerability.io/vulnerability/CVE-2022-26135,Server-Side Request Forgery in Atlassian Jira Server and Data Center,"A vulnerability in the Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user to exploit a server-side request forgery through a batch endpoint.
This flaw permits unauthorized data access, potentially leading to exposure of sensitive information. Affected versions include specific ranges in Jira Server and Data Center, as well as Jira Management Server and Data Center, highlighting the urgency for users to upgrade to secure versions to mitigate risks.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",6.5,MEDIUM,0.027809999883174896,false,,false,false,true,2022-07-07T08:28:02.000Z,true,false,false,,2022-06-30T06:15:00.000Z,0
CVE-2022-0540,https://securityvulnerability.io/vulnerability/CVE-2022-0540,Authentication Bypass in Atlassian Jira Server and Data Center,"A vulnerability in Atlassian's Jira Seraph allows remote, unauthenticated attackers to bypass authentication mechanisms through specially crafted HTTP requests. This issue affects multiple versions of Jira Server and Data Center and also impacts Jira Service Management. Administrators are advised to update their installations to the latest versions to mitigate potential exploitation of this vulnerability.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.1531900018453598,false,,false,false,true,2022-05-25T10:47:04.000Z,true,false,false,,2022-04-20T00:00:00.000Z,0
CVE-2021-43944,https://securityvulnerability.io/vulnerability/CVE-2021-43944,Template Injection Vulnerability in Jira Server and Data Center by Atlassian,"A security enhancement was introduced to address a template injection vulnerability in Atlassian Jira Server and Data Center. This flaw allowed remote attackers with system administrator permissions to execute arbitrary code through the Email Templates feature.
Versions prior to 8.13.15 and from 8.14.0 to before 8.20.3 are particularly vulnerable, necessitating immediate updates to mitigate the risk of remote code execution.",Atlassian,"Jira Server,Jira Data Center",7.2,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2022-03-08T02:15:00.000Z,0
CVE-2021-43945,https://securityvulnerability.io/vulnerability/CVE-2021-43945,Stored Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center,"A vulnerability in Atlassian Jira Server and Data Center allows remote attackers with Roadmaps Administrator permissions to exploit a Stored Cross-Site Scripting (SXSS) flaw. This issue enables the injection of arbitrary HTML or JavaScript via the /rest/jpo/1.0/hierarchyConfiguration endpoint, compromising the integrity of web applications and potentially allowing attackers to execute malicious scripts within users' browsers.",Atlassian,"Jira Server,Jira Data Center",4.8,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-02-28T01:15:00.000Z,0
CVE-2021-43943,https://securityvulnerability.io/vulnerability/CVE-2021-43943,Cross-Site Scripting Vulnerability in Atlassian Jira Service Management,"Versions of Atlassian Jira Service Management Server and Data Center prior to 4.21.0 are susceptible to a Cross-Site Scripting (XSS) vulnerability. This occurs when attackers with administrator privileges can inject arbitrary HTML or JavaScript into the 'Object Schema' field of the configuration interface, potentially compromising the integrity of the application and exposing sensitive information to unauthorized users.
For detailed information, visit the Atlassian support page.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-24T05:15:00.000Z,0
CVE-2021-43941,https://securityvulnerability.io/vulnerability/CVE-2021-43941,Cross-Site Request Forgery Vulnerability in Atlassian Jira Server and Data Center,"A serious security flaw exists in Atlassian Jira Server and Data Center, specifically within the jira-importers-plugin, which permits remote attackers to manipulate multiple resources, such as CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa. This vulnerability impacts versions released prior to 8.13.15 and those from 8.14.0 up to but not including 8.20.3, highlighting a need for users to upgrade promptly to safeguard their systems from potential unauthorized actions.",Atlassian,"Jira Server,Jira Data Center",6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-02-15T04:15:00.000Z,0
CVE-2021-43948,https://securityvulnerability.io/vulnerability/CVE-2021-43948,Improper Authorization in Atlassian Jira Service Management Server and Data Center,"Versions of Atlassian Jira Service Management Server and Data Center prior to 4.21.0 are susceptible to an Improper Authorization vulnerability. This flaw allows authenticated remote attackers to exploit the 'Move objects' feature, enabling them to view the names of private objects that should be restricted.
Users of the affected versions should take immediate action to mitigate the risk of unauthorized data exposure.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-02-15T04:15:00.000Z,0
CVE-2021-43953,https://securityvulnerability.io/vulnerability/CVE-2021-43953,Cross-Site Request Forgery Vulnerability in Atlassian Jira Server and Data Center,"A Cross-Site Request Forgery (CSRF) vulnerability exists in Atlassian Jira Server and Data Center, allowing unauthenticated remote attackers to manipulate Thread Contention and CPU monitoring settings through the /secure/admin/ViewInstrumentation.jspa endpoint. This issue affects specific versions prior to 8.13.16 and versions from 8.14.0 before 8.20.5, potentially exposing systems to unauthorized configurations and security risks.",Atlassian,"Jira Server,Jira Data Center",4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-02-15T03:15:00.000Z,0
CVE-2021-43950,https://securityvulnerability.io/vulnerability/CVE-2021-43950,Broken Access Control Vulnerability in Atlassian Jira Service Management Server and Data Center,"A security weakness exists in the Insight Import Source feature of Atlassian Jira Service Management Server and Data Center, allowing authenticated remote attackers to access sensitive import source configuration details. This issue impacts versions prior to 4.21.0, highlighting the importance of timely updates to mitigate potential risks.
Organizations are advised to review their systems and apply necessary patches to protect against unauthorized data exposure.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-02-15T03:15:00.000Z,0
CVE-2021-43952,https://securityvulnerability.io/vulnerability/CVE-2021-43952,CSRF Vulnerability in Atlassian Jira Server and Data Center,"A vulnerability exists in Atlassian Jira Server and Data Center that allows attackers to exploit a Cross-Site Request Forgery (CSRF) flaw. This enables unauthorized users to restore default configurations on certain fields by manipulating requests aimed at the /secure/admin/RestoreDefaults.jspa endpoint. The issue affects all versions prior to 8.21.0, posing a significant risk by allowing remote unauthenticated attackers to alter system settings.",Atlassian,"Jira Server,Jira Data Center",4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-02-15T01:15:00.000Z,0
CVE-2021-43949,https://securityvulnerability.io/vulnerability/CVE-2021-43949,Access Control Flaw in Atlassian Jira Service Management Server and Data Center,"An access control vulnerability exists in Atlassian Jira Service Management Server and Data Center, allowing authenticated remote attackers to exploit the Custom Fields feature. This flaw permits unauthorized viewing of private objects, which could lead to sensitive information disclosure. Users are recommended to upgrade to version 4.21.0 or later to mitigate this risk.
For further details, refer to the Atlassian issue tracking [here](https://jira.atlassian.com/browse/JSDSERVER-10982).",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-01-10T16:15:00.000Z,0
CVE-2021-43951,https://securityvulnerability.io/vulnerability/CVE-2021-43951,Information Disclosure Vulnerability in Atlassian Jira Service Management Server and Data Center,"An information disclosure vulnerability in the object type mapping feature of Atlassian Jira Service Management Server and Data Center allows authenticated remote attackers to access sensitive configuration details. This issue affects all versions prior to 4.21.0, posing a significant risk to user data integrity.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-01-10T16:15:00.000Z,0
CVE-2021-43947,https://securityvulnerability.io/vulnerability/CVE-2021-43947,Remote Code Execution in Atlassian Jira Server and Data Center Email Templates,"A vulnerability in Atlassian Jira Server and Data Center's Email Templates feature permits remote attackers with administrator privileges to execute arbitrary code. This Remote Code Execution flaw allows unauthorized commands to be run, providing an opportunity for potential system compromise.
Notably, this vulnerability circumvents prior security fixes, thereby magnifying the urgency for affected organizations to promptly update their systems to versions 8.13.15 or 8.20.3 and above.",Atlassian,"Jira Server,Jira Data Center",7.2,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2022-01-06T01:15:00.000Z,0
CVE-2021-43946,https://securityvulnerability.io/vulnerability/CVE-2021-43946,Broken Access Control Vulnerability in Atlassian Jira Server and Data Center,"Authenticated remote attackers can exploit a vulnerability in Atlassian Jira Server and Data Center, specifically through the /secure/EditSubscription.jspa endpoint, allowing them to add administrator groups to filter subscriptions. This security flaw could lead to unauthorized access and privilege escalation, affecting critical configurations and data integrity across the platform.",Atlassian,"Jira Server,Jira Data Center",6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-01-05T04:15:00.000Z,0
CVE-2021-43942,https://securityvulnerability.io/vulnerability/CVE-2021-43942,Reflected Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center,"A vulnerability in Atlassian Jira Server and Data Center allows remote attackers to execute arbitrary HTML or JavaScript code through reflected cross-site scripting. This occurs via a vulnerable endpoint, which can be exploited if users are deceived into visiting a malicious site that triggers the execution of harmful scripts. Versions of the product affected are those prior to 8.13.15 and versions from 8.14.0 up to but not including 8.20.3.
Prompt updating of these affected versions is advised to protect against potential exploits.",Atlassian,"Jira Server,Jira Data Center",6.1,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2022-01-04T03:15:00.000Z,0
CVE-2021-41309,https://securityvulnerability.io/vulnerability/CVE-2021-41309,Broken Authentication in Atlassian Jira Server and Data Center,"Atlassian Jira Server and Data Center versions prior to 8.19.1 are susceptible to a Broken Authentication vulnerability. This issue arises when a user, who has had their access to Jira Service Management revoked, can exploit the /plugins/servlet/audit/resource endpoint to export audit logs from other users' projects. This risk highlights significant security concerns about user access controls and proper session management.",Atlassian,"Jira Server,Jira Data Center",5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-12-08T04:15:00.000Z,0