Jira Software - 5 CVEs (Page 1/1)

About “Jira Software”

A curated feed of “Jira Software”-related CVEs appears below. We currently track 5 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 5.4 (all time; 6.5 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a LOW impact class. Atlassian apps hold code and project data. Patch, enforce SSO or MFA, restrict anonymous access, and audit marketplace apps and macros. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: jira-software

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL	LTS
11.3	2025-12-03	11.3.6	2027-12-03	LTS
11.2	2025-11-06	11.2.1	2027-11-06
11.1	2025-09-24	11.1.1	2027-09-24
11.0	2025-08-13	11.0.1	2027-08-13
10.7	2025-06-13	10.7.4	2027-06-13
10.6	2025-04-23	10.6.1	2027-04-23
10.5	2025-03-12	10.5.1	2027-03-12
10.4	2025-01-22	10.4.1	2027-01-22
10.3	2024-12-05	10.3.22	2026-12-05	LTS
10.2	2024-11-20	10.2.1	2026-11-20 Soon
10.1	2024-10-09	10.1.2	2026-10-09 Soon
10.0	2024-08-22	10.0.1	2026-08-22 Soon
9.17	2024-06-26	9.17.5	2026-06-26 Soon
9.16	2024-05-23	9.16.1	2026-05-23 Expired
9.15	2024-03-27	9.15.2	2026-03-27 Expired
9.14	2024-02-14	9.14.1	2026-02-15 Expired
9.13	2024-01-22	9.13.1	2026-01-22 Expired
9.12	2023-11-29	9.12.35	2025-11-29 Expired	LTS
9.11	2023-08-30	9.11.3	2025-08-30 Expired
9.10	2023-07-11	9.10.2	2025-07-11 Expired
9.9	2023-06-02	9.9.2	2025-06-02 Expired
9.8	2023-04-25	9.8.2	2025-04-25 Expired
9.7	2023-03-20	9.7.2	2025-03-20 Expired
9.6	2023-01-24	9.6.0	2025-01-24 Expired
9.5	2022-12-06	9.5.1	2024-12-06 Expired
9.4	2022-11-15	9.4.30	2025-01-31 Expired	LTS
9.3	2022-09-28	9.3.3	2024-09-29 Expired
9.2	2022-08-25	9.2.1	2024-08-25 Expired
9.1	2022-07-21	9.1.1	2024-07-21 Expired
9.0	2022-06-21	9.0.0	2024-06-21 Expired
8.22	2022-02-16	8.22.6	2024-02-16 Expired
8.21	2021-12-09	8.21.1	2023-12-09 Expired
8.20	2021-10-19	8.20.30	2024-01-31 Expired	LTS
8.19	2021-08-25	8.19.1	2023-08-26 Expired
8.18	2021-07-21	8.18.2	2023-07-01 Expired
8.17	2021-05-17	8.17.1	2023-05-18 Expired
8.16	2021-03-22	8.16.2	2023-03-23 Expired
8.15	2021-01-21	8.15.1	2023-02-02 Expired
8.14	2020-11-22	8.14.1	2022-11-23 Expired
8.13	2020-10-06	8.13.27	2022-10-08 Expired	LTS
8.12	2020-08-25	8.12.3	2022-08-26 Expired
8.11	2020-07-14	8.11.1	2022-07-15 Expired
8.10	2020-06-22	8.10.1	2022-06-23 Expired
8.9	2020-05-18	8.9.1	2022-05-20 Expired
8.8	2020-03-18	8.8.1	2022-03-19 Expired
8.7	2020-02-02	8.7.1	2022-02-03 Expired
8.6	2019-12-16	8.6.1	2021-12-17 Expired
8.5	2019-10-21	8.5.19	2021-10-21 Expired	LTS
8.4	2019-09-08	8.4.3	2021-09-09 Expired
8.3	2019-07-21	8.3.5	2021-07-22 Expired
8.2	2019-05-20	8.2.6	2021-05-21 Expired
8.1	2019-04-03	8.1.3	2021-04-04 Expired
8.0	2019-02-08	8.0.3	2021-02-11 Expired
7.13	2018-11-27	7.13.18	2020-11-28 Expired	LTS
7.12	2018-08-26	7.12.3	2020-08-27 Expired
7.11	2018-07-10	7.11.2	2020-07-11 Expired
7.10	2018-05-28	7.10.2	2020-05-29 Expired
7.9	2018-04-08	7.9.2	2020-04-09 Expired
7.8	2018-02-19	7.8.4	2020-02-20 Expired
7.7	2018-01-10	7.7.4	2020-01-11 Expired
7.6	2017-11-15	7.6.17	2019-11-14 Expired	LTS
7.5	2017-09-05	7.5.4	2019-09-06 Expired
7.4	2017-06-28	7.4.6	2019-06-29 Expired
7.3	2017-01-02	7.3.9	2019-01-03 Expired
7.2	2016-08-23	7.2.15	2018-08-23 Expired
7.1	2016-02-10	7.1.10	2018-02-10 Expired
7.0	2015-10-01	7.0.11	2017-10-06 Expired
6.4	2015-03-16	6.4.14	2017-03-17 Expired
6.3	2014-07-08	6.3.15	2016-07-08 Expired
6.2	2014-02-24	6.2.7	2016-06-11 Expired
6.1	2013-09-23	6.1.9	2016-05-22 Expired
6.0	2013-05-21	6.0.8	2015-09-03 Expired
5.2	2012-11-11	5.2.11	- Expired
5.1	2012-07-09	5.1.8	- Expired
5.0	2012-02-22	5.0.7	2012-07-01 Expired
4.4	2011-08-02	4.4.5	2014-02-22 Expired
4.3	2011-03-16	4.3.4	2013-05-27 Expired
4.2	2010-10-19	4.2.4	2013-02-08 Expired
4.1	2010-04-07	4.1.2	2012-06-18 Expired
4.0	2009-10-06	4.0.2	2012-02-26 Expired
3.13	2008-09-09	3.13.5	2011-07-21 Expired
3.12	2007-12-07	3.12.3	- Expired
3.11	2007-09-25	3.11.0	- Expired
3.10	2007-07-09	3.10.2	- Expired
3.9	2007-05-08	3.9.3	- Expired
3.8	2007-03-13	3.8.1	- Expired
3.7	2006-12-18	3.7.4	- Expired
3.6	2006-04-18	3.6.5	- Expired
3.5	2006-02-01	3.5.3	- Expired
3.4	2005-11-15	3.4.3	- Expired
3.3	2005-08-05	3.3.3	- Expired
3.2	2005-05-27	3.2.3	- Expired
3.1	2005-02-14	3.1.1	- Expired
3.0	2004-10-12	3.0.3	- Expired
2.6	2004-03-03	2.6.1	- Expired
2.5	2003-11-12	2.5.3	- Expired
2.4	2003-08-20	2.4.0	- Expired
2.3	2003-07-03	2.3.0	- Expired
2.2	2003-06-20	2.2.1	- Expired
2.1	2003-06-03	2.1.0	- Expired
1.4	2002-09-10	1.4.1	- Expired
1.3	2002-07-04	1.3.3	- Expired
1.2	2002-05-21	1.2.0	- Expired
1.1	2002-04-30	1.1.0	- Expired
1.0	2002-04-10	1.0.0	- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Jira Software” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-10-22

Medium

CVE-2025-22167

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2021-07-29

Critical

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from v…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD

2021-04-01

Low

CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymo…

CVSS: 3.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

2020-03-17

Medium

CVE-2019-20407

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD

2016-01-08

Low

CVE-2015-8481

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup r…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD