Atlassian: Security Vulnerabilities with CVSS score between 3 and 3.99
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.
Max Base Score | 3.5 |
Published | 2021-04-01 |
Updated | 2022-03-30 |
EPSS | 0.05% |
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
Max Base Score | 3.5 |
Published | 2016-01-08 |
Updated | 2022-03-28 |
EPSS | 0.12% |
2 vulnerabilities found