cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22501,https://securityvulnerability.io/vulnerability/CVE-2023-22501,Impersonation Vulnerability in Jira Service Management by Atlassian,"An authentication flaw has been identified in Jira Service Management Server and Data Center which allows an attacker to impersonate legitimate users. Under specific conditions, particularly when write access is provided to a User Directory and outgoing email is active, attackers can exploit vulnerabilities to gain access to signup tokens for accounts that have never logged in. This can occur if the attacker interacts with Jira issues or requests a user is involved in, or if the attacker successfully intercepts emails with 'View Request' links sent to those users. Accounts with bot privileges and those associated with external single sign-on are especially vulnerable, making proper safeguards essential for maintaining user integrity.",Atlassian,"Jira Service Management Data Center,Jira Service Management Server",9.1,CRITICAL,0.002360000042244792,false,,false,false,false,,,false,false,,2023-02-01T19:15:00.000Z,0
CVE-2022-36800,https://securityvulnerability.io/vulnerability/CVE-2022-36800,Information Disclosure in Atlassian Jira Service Management Server and Data Center,"An information disclosure vulnerability exists in certain versions of Atlassian Jira Service Management Server and Data Center. This vulnerability allows remote attackers who lack the 'Browse Users' permission to access and view groups via the browsegroups.action endpoint, potentially exposing sensitive user data and group associations.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-08-03T00:00:00.000Z,0
CVE-2021-43959,https://securityvulnerability.io/vulnerability/CVE-2021-43959,Server-Side Request Forgery Vulnerability in Atlassian Jira Service Management,"A security issue in Atlassian Jira Service Management Server and Data Center's CSV importing feature permits authenticated remote attackers to exploit a Server-Side Request Forgery (SSRF) vulnerability. This flaw can allow unauthorized access to sensitive internal network resources. In particular setups, such as those hosted on Amazon EC2, attackers could leverage this vulnerability to gain access to critical metadata, potentially exposing sensitive credentials and confidential information.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",5.7,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2022-07-26T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26135,https://securityvulnerability.io/vulnerability/CVE-2022-26135,Server-Side Request Forgery in Atlassian Jira Server and Data Center,"A vulnerability in the Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user to exploit a server-side request forgery through a batch endpoint. This flaw permits unauthorized data access, potentially leading to exposure of sensitive information. Affected versions include specific ranges in Jira Server and Data Center, as well as Jira Management Server and Data Center, highlighting the urgency for users to upgrade to secure versions to mitigate risks.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",6.5,MEDIUM,0.027809999883174896,false,,false,false,true,2022-07-07T08:28:02.000Z,true,false,false,,2022-06-30T06:15:00.000Z,0
CVE-2022-0540,https://securityvulnerability.io/vulnerability/CVE-2022-0540,Authentication Bypass in Atlassian Jira Server and Data Center,"A vulnerability in Atlassian's Jira Seraph allows remote, unauthenticated attackers to bypass authentication mechanisms through specially crafted HTTP requests. This issue affects multiple versions of Jira Server and Data Center and also impacts Jira Service Management. Administrators are advised to update their installations to the latest versions to mitigate potential exploitation of this vulnerability.",Atlassian,"Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.1531900018453598,false,,false,false,true,2022-05-25T10:47:04.000Z,true,false,false,,2022-04-20T00:00:00.000Z,0
CVE-2021-43943,https://securityvulnerability.io/vulnerability/CVE-2021-43943,Cross-Site Scripting Vulnerability in Atlassian Jira Service Management,"Versions of Atlassian Jira Service Management Server and Data Center prior to 4.21.0 are susceptible to a Cross-Site Scripting (XSS) vulnerability. This occurs when attackers with administrator privileges can inject arbitrary HTML or JavaScript into the 'Object Schema' field of the configuration interface, potentially compromising the integrity of the application and exposing sensitive information to unauthorized users. For detailed information, visit the Atlassian support page.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-24T05:15:00.000Z,0
CVE-2021-43948,https://securityvulnerability.io/vulnerability/CVE-2021-43948,Improper Authorization in Atlassian Jira Service Management Server and Data Center,"Versions of Atlassian Jira Service Management Server and Data Center prior to 4.21.0 are susceptible to an Improper Authorization vulnerability. This flaw allows authenticated remote attackers to exploit the 'Move objects' feature, enabling them to view the names of private objects that should be restricted. Users of the affected versions should take immediate action to mitigate the risk of unauthorized data exposure.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-02-15T04:15:00.000Z,0
CVE-2021-43950,https://securityvulnerability.io/vulnerability/CVE-2021-43950,Broken Access Control Vulnerability in Atlassian Jira Service Management Server and Data Center,"A security weakness exists in the Insight Import Source feature of Atlassian Jira Service Management Server and Data Center, allowing authenticated remote attackers to access sensitive import source configuration details. This issue impacts versions prior to 4.21.0, highlighting the importance of timely updates to mitigate potential risks. Organizations are advised to review their systems and apply necessary patches to protect against unauthorized data exposure.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-02-15T03:15:00.000Z,0
CVE-2021-43951,https://securityvulnerability.io/vulnerability/CVE-2021-43951,Information Disclosure Vulnerability in Atlassian Jira Service Management Server and Data Center,"An information disclosure vulnerability in the object type mapping feature of Atlassian Jira Service Management Server and Data Center allows authenticated remote attackers to access sensitive configuration details. This issue affects all versions prior to 4.21.0, posing a significant risk to user data integrity.",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-01-10T16:15:00.000Z,0
CVE-2021-43949,https://securityvulnerability.io/vulnerability/CVE-2021-43949,Access Control Flaw in Atlassian Jira Service Management Server and Data Center,"An access control vulnerability exists in Atlassian Jira Service Management Server and Data Center, allowing authenticated remote attackers to exploit the Custom Fields feature. This flaw permits unauthorized viewing of private objects, which could lead to sensitive information disclosure. Users are recommended to upgrade to version 4.21.0 or later to mitigate this risk. For further details, refer to the Atlassian issue tracking [here](https://jira.atlassian.com/browse/JSDSERVER-10982).",Atlassian,"Jira Service Management Server,Jira Service Management Data Center",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-01-10T16:15:00.000Z,0