Filtered by vendor Atlassian
Total: 434 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-6285 | 1 Atlassian | 1 Jira | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | ||||
CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | ||||
CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-08-06 | N/A |
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | ||||
CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2024-08-06 | N/A |
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | ||||
CVE-2016-4318 | 1 Atlassian | 1 Jira | 2024-08-06 | N/A |
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | ||||
CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2024-08-06 | N/A |
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | ||||
CVE-2016-4319 | 1 Atlassian | 1 Jira | 2024-08-06 | N/A |
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | ||||
CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2024-08-05 | N/A |
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | ||||
CVE-2017-18100 | 1 Atlassian | 1 Jira | 2024-08-05 | N/A |
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | ||||
CVE-2017-18088 | 1 Atlassian | 1 Bitbucket | 2024-08-05 | N/A |
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | ||||
CVE-2017-9514 | 1 Atlassian | 1 Bamboo | 2024-08-05 | N/A |
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | ||||
CVE-2017-9505 | 1 Atlassian | 1 Confluence | 2024-08-05 | 4.3 Medium |
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can log in to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. | ||||
CVE-2017-8907 | 1 Atlassian | 1 Bamboo | 2024-08-05 | N/A |
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can log in to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo. | ||||
CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2024-08-05 | N/A |
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | ||||
CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2024-08-05 | N/A |
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2024-08-05 | N/A |
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | ||||
CVE-2017-7415 | 1 Atlassian | 1 Confluence Server | 2024-08-05 | N/A |
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | ||||
CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2024-08-05 | N/A |
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | ||||
CVE-2017-5983 | 1 Atlassian | 1 Jira | 2024-08-05 | N/A |
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | ||||
CVE-2018-1000617 | 1 Atlassian | 1 Floodlight Controller | 2024-08-05 | N/A |
Atlassian Floodlight Controller version 1.2 and earlier versions contain a denial-of-service vulnerability in the Forwarding module: an improper type cast in the Forwarding module allows remote attackers to cause a DoS (thread crash). This attack appears to be exploitable via network connectivity (remote attack). |