Filtered by vendor Atlassian
Subscriptions
Total
434 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1000418 | 1 Atlassian | 1 Hipchat | 2024-08-05 | N/A |
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2024-08-05 | N/A |
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | ||||
CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2024-08-05 | N/A |
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | ||||
CVE-2018-1000419 | 1 Atlassian | 1 Hipchat | 2024-08-05 | N/A |
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | ||||
CVE-2019-15053 | 1 Atlassian | 1 Html Include And Replace Macro | 2024-08-05 | N/A |
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. | ||||
CVE-2019-13990 | 6 Apache, Atlassian, Netapp and 3 more | 35 Tomee, Jira Service Management, Active Iq Unified Manager and 32 more | 2024-08-05 | 9.8 Critical |
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | ||||
CVE-2019-13347 | 1 Atlassian | 1 Saml Single Sign On | 2024-08-04 | 7.5 High |
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value. | ||||
CVE-2020-18684 | 1 Atlassian | 1 Floodlight | 2024-08-04 | 9.8 Critical |
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | ||||
CVE-2020-18685 | 1 Atlassian | 1 Floodlight | 2024-08-04 | 9.8 Critical |
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | ||||
CVE-2020-18683 | 1 Atlassian | 1 Floodlight | 2024-08-04 | 9.8 Critical |
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | ||||
CVE-2020-12873 | 1 Atlassian | 1 Alfresco Enterprise Content Management | 2024-08-04 | 8.8 High |
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | ||||
CVE-2020-9344 | 1 Atlassian | 1 Subversion Application Lifecycle Management | 2024-08-04 | 6.1 Medium |
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | ||||
CVE-2021-37843 | 1 Atlassian | 1 Saml Single Sign On | 2024-08-04 | 9.8 Critical |
The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9. | ||||
CVE-2022-43781 | 1 Atlassian | 1 Bitbucket | 2024-08-03 | 9.8 Critical |
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. | ||||
CVE-2022-43782 | 1 Atlassian | 1 Crowd | 2024-08-03 | 9.8 Critical |
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 | ||||
CVE-2022-42978 | 1 Atlassian | 1 Confluence Data Center | 2024-08-03 | 7.5 High |
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. | ||||
CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2024-08-03 | 7.5 High |
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | ||||
CVE-2023-22524 | 2 Apple, Atlassian | 2 Macos, Companion | 2024-08-02 | 9.8 Critical |
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. | ||||
CVE-2023-22526 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-08-02 | 8.8 High |
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program | ||||
CVE-2023-22521 | 1 Atlassian | 1 Crowd | 2024-08-02 | 8.8 High |
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6 Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1 See the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program |