← Back

Atlassian

atlassian

466 CVEs • 59 products

Products (59)

Click to collapse
Toggle
Jira
jira
142 CVEs
Jira Server
jira_server
135 CVEs
Jira Data Center
jira_data_center
79 CVEs
Fisheye
fisheye
52 CVEs
Crucible
crucible
52 CVEs
Confluence Server
confluence_server
49 CVEs
Jira Software Data Center
jira_software_data_center
39 CVEs
Data Center
data_center
38 CVEs
Confluence Data Center
confluence_data_center
36 CVEs
Bamboo
bamboo
24 CVEs
Crowd
crowd
24 CVEs
Bitbucket
bitbucket
20 CVEs
Confluence
confluence
19 CVEs
Jira Service Management
jira_service_management
16 CVEs
Sourcetree
sourcetree
15 CVEs
Jira Align
jira_align
13 CVEs
Jira Service Desk
jira_service_desk
12 CVEs
Application Links
application_links
7 CVEs
Hipchat
hipchat
5 CVEs
Floodlight
floodlight
4 CVEs
Agiloft
agiloft
4 CVEs
Hipchat Server
hipchat_server
3 CVEs
Universal Plugin Manager
universal_plugin_manager
3 CVEs
Questions For Confluence
questions_for_confluence
3 CVEs
Companion
companion
3 CVEs
Bitbucket Data Center
bitbucket_data_center
3 CVEs
Crowd2
crowd2
2 CVEs
Saml Single Sign On
saml_single_sign_on
2 CVEs
Connect Spring Boot
connect_spring_boot
2 CVEs
Assets Discovery Data Center
assets_discovery_data_center
2 CVEs
Jira Core
jira_core
1 CVE
Jira Integration For Hipchat
jira_integration_for_hipchat
1 CVE
Oauth
oauth
1 CVE
Hipchat Data Center
hipchat_data_center
1 CVE
Bitbucket Auto Unapprove Plugin
bitbucket_auto_unapprove_plugin
1 CVE
Activity Streams
activity_streams
1 CVE
Floodlight Controller
floodlight_controller
1 CVE
Http Library
http_library
1 CVE
Cloudtoken
cloudtoken
1 CVE
Html Include And Replace Macro
html_include_and_replace_macro
1 CVE
Troubleshooting And Support
troubleshooting_and_support
1 CVE
Greenhopper
greenhopper
1 CVE
Subversion Application Lifecycle Management
subversion_application_lifecycle_management
1 CVE
Navigator Links
navigator_links
1 CVE
Editor Core
editor-core
1 CVE
Jira Create
jira_create
1 CVE
Jira Comment
jira_comment
1 CVE
Automation For Jira
automation_for_jira
1 CVE
Alfresco Enterprise Content Management
alfresco_enterprise_content_management
1 CVE
Atlassian Gadgets
atlassian-gadgets
1 CVE
Jira Server For Slack
jira_server_for_slack
1 CVE
Connect Express
connect_express
1 CVE
Atlasboard
atlasboard
1 CVE
Jira Server And Data Center
jira_server_and_data_center
1 CVE
Bamboo Data Center
bamboo_data_center
1 CVE
Bamboo Server
bamboo_server
1 CVE
Bitbucket Server
bitbucket_server
1 CVE
Assets Discovery Cloud
assets_discovery_cloud
1 CVE
Assets Discovery Data Server
assets_discovery_data_server
1 CVE

CVEs (466)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-41306
1Atlassian
3Jira
Jira ServerJira Software Data Center
Nov 21, 2024
Oct 26, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in St...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.Show less
CVE-2021-41305
1Atlassian
2Jira
Jira Software Data Center
Nov 21, 2024
Oct 26, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average N...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12..Show less
CVE-2021-41304
1Atlassian
4Data Center
JiraJira Data Center+1 more
Nov 21, 2024
Oct 26, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage....Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2.Show less
CVE-2021-39127
1Atlassian
4Jira
Jira Data CenterJira Server+1 more
Nov 21, 2024
Oct 21, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are bef...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.Show less
CVE-2021-39126
1Atlassian
2Jira Data Center
Jira Server
Nov 21, 2024
Oct 21, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in th...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.Show less
CVE-2020-18685
1Atlassian
1Floodlight
Nov 21, 2024
Sep 30, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.
CVE-2020-18684
1Atlassian
1Floodlight
Nov 21, 2024
Sep 30, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
CVE-2020-18683
1Atlassian
1Floodlight
Nov 21, 2024
Sep 30, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.
CVE-2021-39128
1Atlassian
2Jira Data Center
Jira Server
Nov 21, 2024
Sep 16, 2021
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection...Show more
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.Show less
CVE-2021-39125
1Atlassian
3Data Center
JiraJira Server
Nov 21, 2024
Sep 14, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.Show less
CVE-2021-39124
1Atlassian
2Data Center
Jira
Nov 21, 2024
Sep 14, 2021
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF prote...Show more
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.Show less
CVE-2021-39123
1Atlassian
2Data Center
Jira
Nov 21, 2024
Sep 14, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsReso...Show more
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0.Show less
CVE-2021-39118
1Atlassian
2Data Center
Jira
Nov 21, 2024
Sep 14, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected vers...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0.Show less
CVE-2019-20101
1Atlassian
2Data Center
Jira
Nov 21, 2024
Sep 14, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.Show less
CVE-2021-39122
1Atlassian
4Data Center
JiraJira Data Center+1 more
Nov 21, 2024
Sep 8, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are...Show more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.Show less
CVE-2021-39121
1Atlassian
4Data Center
JiraJira Data Center+1 more
Nov 21, 2024
Sep 8, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectva...Show more
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2.Show less
CVE-2021-39116
1Atlassian
2Jira Data Center
Jira Server
Nov 21, 2024
Sep 8, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versi...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0.Show less
CVE-2021-39119
1Atlassian
2Data Center
Jira
Nov 21, 2024
Sep 1, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerabil...Show more
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0.Show less
CVE-2021-39115
1Atlassian
2Jira Service Desk
Jira Service Management
Nov 21, 2024
Sep 1, 2021
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Tem...Show more
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.Show less
CVE-2021-39109
1Atlassian
1Atlasboard
Nov 21, 2024
Sep 1, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.