Filtered by vendor Atlassian
Total: 436 CVE
CVE | Vendor | Product | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2016-4319 | Atlassian | Jira | 2024-08-06 | N/A | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2017-18086 | Atlassian | Confluence | 2024-08-05 | N/A | Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
CVE-2017-18100 | Atlassian | Jira | 2024-08-05 | N/A | The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
CVE-2017-18088 | Atlassian | Bitbucket | 2024-08-05 | N/A | Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
CVE-2017-9514 | Atlassian | Bamboo | 2024-08-05 | N/A | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
CVE-2017-8768 | Atlassian | Sourcetree | 2024-08-05 | N/A | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.
CVE-2017-8080 | Atlassian | Hipchat Server | 2024-08-05 | N/A | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
CVE-2017-8058 | Atlassian | Hipchat | 2024-08-05 | N/A | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2017-7415 | Atlassian | Confluence Server | 2024-08-05 | N/A | Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
CVE-2017-7357 | Atlassian | Hipchat Server | 2024-08-05 | N/A | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
CVE-2017-5983 | Atlassian | Jira | 2024-08-05 | N/A | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
CVE-2018-1000617 | Atlassian | Floodlight Controller | 2024-08-05 | N/A | Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in the Forwarding module: an improper type cast allows remote attackers to cause a DoS (thread crash). This attack appears to be exploitable via network connectivity (remote attack).
CVE-2018-1000418 | Atlassian | Hipchat | 2024-08-05 | N/A | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2018-1000423 | Atlassian | Crowd2 | 2024-08-05 | N/A | An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java and CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
CVE-2018-1000422 | Atlassian | Crowd2 | 2024-08-05 | N/A | An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.
CVE-2018-1000419 | Atlassian | Hipchat | 2024-08-05 | N/A | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
CVE-2019-15053 | Atlassian | Html Include And Replace Macro | 2024-08-05 | N/A | The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
CVE-2019-13347 | Atlassian | Saml Single Sign On | 2024-08-04 | 7.5 High | An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
CVE-2020-18684 | Atlassian | Floodlight | 2024-08-04 | 9.8 Critical | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
CVE-2020-18685 | Atlassian | Floodlight | 2024-08-04 | 9.8 Critical | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.