Known vulnerabilities affecting Jira products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2019-9005 | The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2019-8451 | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vuln... | 6.5 | 446 | Neutral | Yes | Yes |
| CVE-2019-8450 | Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arb... | 4.8 | 202 | Neutral | No | Yes |
| CVE-2019-8449 | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.3 | 354 | Neutral | Yes | Yes |
| CVE-2019-8448 | The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2019-8447 | The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2019-8446 | The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 | 290 | Neutral | Yes | Yes |
| CVE-2019-8445 | Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | 5.3 | 188 | Neutral | No | Yes |
| CVE-2019-8444 | The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vu... | 5.4 | 223 | Neutral | No | Yes |
| CVE-2019-8443 | The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to admini... | 8.1 | 482 | Neutral | No | Yes |
| CVE-2019-8442 | The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access f... | 7.5 | 487 | Neutral | Yes | Yes |
| CVE-2019-5095 | An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view v... | 4.3 | 273 | Neutral | Yes | No |
| CVE-2019-3403 | The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usern... | 5.3 | 290 | Neutral | Yes | Yes |
| CVE-2019-3402 | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2019-3401 | The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 | 290 | Neutral | Yes | Yes |
| CVE-2019-3400 | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2019-3399 | The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisa... | 7.5 | 450 | Neutral | No | Yes |
| CVE-2019-20901 | The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performi... | 6.1 | 207 | Neutral | No | Yes |
| CVE-2019-20900 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The aff... | 4.8 | 202 | Neutral | No | Yes |
| CVE-2019-20899 | The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affect... | 5.3 | 124 | Neutral | No | Yes |