Filtered by vendor Atlassian
Subscriptions
Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41305 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-09-17 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | ||||
| CVE-2020-14188 | 1 Atlassian | 1 Jira Create | 2024-09-17 | 9.8 Critical |
| The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | ||||
| CVE-2021-43955 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | 4.3 Medium |
| The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. | ||||
| CVE-2017-9510 | 1 Atlassian | 1 Fisheye | 2024-09-17 | N/A |
| The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | ||||
| CVE-2019-15012 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | 8.8 High |
| Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance. | ||||
| CVE-2021-39111 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-17 | 6.1 Medium |
| The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. | ||||
| CVE-2018-13391 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-17 | N/A |
| The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | ||||
| CVE-2019-20416 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-09-17 | 4.8 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | ||||
| CVE-2021-43950 | 1 Atlassian | 1 Jira Service Management | 2024-09-17 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. | ||||
| CVE-2020-14193 | 1 Atlassian | 1 Automation For Jira | 2024-09-17 | 5.4 Medium |
| Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. | ||||
| CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-17 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | ||||
| CVE-2020-14170 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | 4.3 Medium |
| Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2017-18092 | 1 Atlassian | 1 Crucible | 2024-09-17 | N/A |
| The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. | ||||
| CVE-2020-4026 | 1 Atlassian | 1 Navigator Links | 2024-09-17 | 4.3 Medium |
| The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | ||||
| CVE-2019-11589 | 1 Atlassian | 1 Jira Server | 2024-09-17 | N/A |
| The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | ||||
| CVE-2017-18038 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | N/A |
| The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | ||||
| CVE-2019-3401 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-17 | 5.3 Medium |
| The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2019-20419 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-17 | 7.8 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | ||||
| CVE-2020-14172 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-09-17 | 9.8 Critical |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1. | ||||
| CVE-2017-18033 | 1 Atlassian | 1 Jira | 2024-09-17 | N/A |
| The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | ||||