Filtered by vendor Atlassian
Subscriptions
Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18104 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
| The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | ||||
| CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-09-16 | 9.8 Critical |
| Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2021-39115 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2024-09-16 | 7.2 High |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. | ||||
| CVE-2021-26070 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-09-16 | 7.2 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. | ||||
| CVE-2019-20413 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
| CVE-2013-3925 | 1 Atlassian | 1 Crowd | 2024-09-16 | N/A |
| Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference. | ||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2024-09-16 | N/A |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | ||||
| CVE-2020-36233 | 2 Atlassian, Microsoft | 2 Bitbucket, Windows | 2024-09-16 | 7.8 High |
| The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | ||||
| CVE-2019-20105 | 1 Atlassian | 1 Application Links | 2024-09-16 | 4.9 Medium |
| The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability. | ||||
| CVE-2019-11582 | 1 Atlassian | 1 Sourcetree | 2024-09-16 | N/A |
| An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI. | ||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-16 | 5.3 Medium |
| The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | ||||
| CVE-2019-8451 | 1 Atlassian | 1 Jira Server | 2024-09-16 | 6.5 Medium |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | ||||
| CVE-2020-4018 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-16 | 8.8 High |
| The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2017-14589 | 1 Atlassian | 1 Bamboo | 2024-09-16 | N/A |
| It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | ||||
| CVE-2018-20236 | 1 Atlassian | 1 Sourcetree | 2024-09-16 | N/A |
| There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. | ||||
| CVE-2021-39127 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | ||||
| CVE-2017-18039 | 1 Atlassian | 1 Jira | 2024-09-16 | N/A |
| The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | ||||
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2024-09-16 | 7.5 High |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | ||||
| CVE-2021-39114 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-09-16 | 8.8 High |
| Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | ||||
| CVE-2017-18036 | 1 Atlassian | 1 Bitbucket | 2024-09-16 | N/A |
| The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | ||||