Atlassian Jira
Summary
Plain-English security verdict for Atlassian Jira, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Atlassian Jira currently scores 85/100 — good. 2 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2019-11581) — staying on the latest supported version keeps you clear of them. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend
New CVEs published for Atlassian Jira each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2019-11581 CRITICAL ● exploited Injection EPSS 94% → fixed in 8.2.3
CVE-2021-26086 MEDIUM ● exploited Path traversal EPSS 94% → fixed in 8.16.1
CVE-2019-8451 MEDIUM Server-side request forgery (SSRF) EPSS 94% → fixed in 8.4.0
CVE-2024-21683 HIGH Code injection EPSS 94% → fixed in 9.12.8
CVE-2019-8442 HIGH EPSS 94% → fixed in 8.1.1
CVE-2020-14181 MEDIUM Information disclosure EPSS 94% → fixed in 8.12.0
CVE-2020-14179 MEDIUM EPSS 93% → fixed in 8.11.1
CVE-2022-0540 CRITICAL Improper authentication EPSS 93% → fixed in 8.22.0
CVE-2020-36289 MEDIUM Incorrect authorization EPSS 92% → fixed in 8.15.1
CVE-2019-3403 MEDIUM Incorrect authorization EPSS 88% → fixed in 8.1.1
CVE-2020-29453 MEDIUM Path traversal EPSS 87% → fixed in 8.15.0
CVE-2022-26135 MEDIUM Server-side request forgery (SSRF) EPSS 84% → fixed in 8.22.4
Product-level posture (last 365d); exact per-version verdict pending precise version mapping.