Filtered by vendor Atlassian
Subscriptions
Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18087 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | N/A |
| The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. | ||||
| CVE-2017-14593 | 1 Atlassian | 1 Sourcetree | 2024-09-17 | N/A |
| Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability | ||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2024-09-17 | N/A |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | ||||
| CVE-2020-4027 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-09-17 | 4.7 Medium |
| Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1. | ||||
| CVE-2017-18103 | 1 Atlassian | 1 Http Library | 2024-09-17 | N/A |
| The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml. | ||||
| CVE-2017-14587 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | N/A |
| The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. | ||||
| CVE-2021-43946 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-17 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. | ||||
| CVE-2021-43956 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | 6.1 Medium |
| The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. | ||||
| CVE-2021-43951 | 1 Atlassian | 1 Jira Service Management | 2024-09-17 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. | ||||
| CVE-2019-15000 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | 9.8 Critical |
| The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. | ||||
| CVE-2019-20903 | 1 Atlassian | 1 Editor-core | 2024-09-17 | 5.4 Medium |
| The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. | ||||
| CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-17 | 6.1 Medium |
| The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | ||||
| CVE-2021-26072 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-09-17 | 4.3 Medium |
| The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | N/A |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | ||||
| CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2024-09-17 | N/A |
| Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | ||||
| CVE-2019-20902 | 1 Atlassian | 1 Crowd | 2024-09-17 | 7.5 High |
| Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1. | ||||
| CVE-2021-41312 | 1 Atlassian | 2 Data Center, Jira | 2024-09-17 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. | ||||
| CVE-2017-16865 | 1 Atlassian | 1 Jira | 2024-09-17 | N/A |
| The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | ||||
| CVE-2020-14180 | 1 Atlassian | 1 Jira Service Desk | 2024-09-17 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | ||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2024-09-17 | 5.3 Medium |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | ||||