GCVE - cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:*

part: a version: 3.12.3 update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Jira (`c2c85791-1e35-5790-bb88-4fa1e2e6d723`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-1165`	vulnerable	2026-06-03 14:30:12.890009	Details available Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. Published: 2010-04-20T15:00:00.000Z Updated: 2024-08-07T01:14:06.696Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/57828 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 http://jira.atlassian.com/browse/JRA-20995 http://www.openwall.com/lists/oss-security/2010/04/16/3 http://www.openwall.com/lists/oss-security/2010/04/16/4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1164`	vulnerable	2026-06-03 14:30:12.884588	Details available Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010. Published: 2010-04-20T15:00:00.000Z Updated: 2024-08-07T01:14:06.535Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/57827 http://jira.atlassian.com/browse/JRA-20994 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 https://exchange.xforce.ibmcloud.com/vulnerabilities/57826 http://www.openwall.com/lists/oss-security/2010/04/16/3	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.