Atlassian CVEs and Security Vulnerabilities

Filtered by vendor Atlassian Subscriptions

Search

Switch to Advanced Search (Beta)

Total 441 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-43946	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.
CVE-2021-43945	1 Atlassian	2 Data Center, Jira	2024-11-21	4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
CVE-2021-43944	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	7.2 High
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2021-43943	1 Atlassian	1 Jira Service Management	2024-11-21	4.8 Medium
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.
CVE-2021-43942	1 Atlassian	2 Jira Server, Jira Server And Data Center	2024-11-21	6.1 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2021-43941	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2021-43940	2 Atlassian, Microsoft	3 Confluence Data Center, Confluence Server, Windows	2024-11-21	7.8 High
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVE-2021-41313	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	4.3 Medium
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7.
CVE-2021-41312	1 Atlassian	4 Data Center, Jira, Jira Data Center and 1 more	2024-11-21	7.5 High
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
CVE-2021-41311	1 Atlassian	3 Jira Data Center, Jira Server, Jira Software Data Center	2024-11-21	7.5 High
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.
CVE-2021-41310	1 Atlassian	1 Jira Software Data Center	2024-11-21	6.1 Medium
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.
CVE-2021-41309	1 Atlassian	3 Jira Data Center, Jira Server, Jira Software Data Center	2024-11-21	5.3 Medium
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.
CVE-2021-41308	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2024-11-21	6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
CVE-2021-41307	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2024-11-21	7.5 High
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
CVE-2021-41306	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2024-11-21	7.5 High
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
CVE-2021-41305	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2024-11-21	7.5 High
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12..
CVE-2021-41304	1 Atlassian	4 Data Center, Jira, Jira Data Center and 1 more	2024-11-21	6.1 Medium
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2.
CVE-2021-39128	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	7.2 High
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
CVE-2021-39127	1 Atlassian	4 Jira, Jira Data Center, Jira Server and 1 more	2024-11-21	5.3 Medium
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.
CVE-2021-39126	1 Atlassian	2 Jira Data Center, Jira Server	2024-11-21	6.5 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.

« first previous Page 6 of 23. next last »