← Back

Atlassian

atlassian

466 CVEs • 59 products

Products (59)

Click to collapse
Toggle
Jira
jira
142 CVEs
Jira Server
jira_server
135 CVEs
Jira Data Center
jira_data_center
79 CVEs
Fisheye
fisheye
52 CVEs
Crucible
crucible
52 CVEs
Confluence Server
confluence_server
49 CVEs
Jira Software Data Center
jira_software_data_center
39 CVEs
Data Center
data_center
38 CVEs
Confluence Data Center
confluence_data_center
36 CVEs
Bamboo
bamboo
24 CVEs
Crowd
crowd
24 CVEs
Bitbucket
bitbucket
20 CVEs
Confluence
confluence
19 CVEs
Jira Service Management
jira_service_management
16 CVEs
Sourcetree
sourcetree
15 CVEs
Jira Align
jira_align
13 CVEs
Jira Service Desk
jira_service_desk
12 CVEs
Application Links
application_links
7 CVEs
Hipchat
hipchat
5 CVEs
Floodlight
floodlight
4 CVEs
Agiloft
agiloft
4 CVEs
Hipchat Server
hipchat_server
3 CVEs
Universal Plugin Manager
universal_plugin_manager
3 CVEs
Questions For Confluence
questions_for_confluence
3 CVEs
Companion
companion
3 CVEs
Bitbucket Data Center
bitbucket_data_center
3 CVEs
Crowd2
crowd2
2 CVEs
Saml Single Sign On
saml_single_sign_on
2 CVEs
Connect Spring Boot
connect_spring_boot
2 CVEs
Assets Discovery Data Center
assets_discovery_data_center
2 CVEs
Jira Core
jira_core
1 CVE
Jira Integration For Hipchat
jira_integration_for_hipchat
1 CVE
Oauth
oauth
1 CVE
Hipchat Data Center
hipchat_data_center
1 CVE
Bitbucket Auto Unapprove Plugin
bitbucket_auto_unapprove_plugin
1 CVE
Activity Streams
activity_streams
1 CVE
Floodlight Controller
floodlight_controller
1 CVE
Http Library
http_library
1 CVE
Cloudtoken
cloudtoken
1 CVE
Html Include And Replace Macro
html_include_and_replace_macro
1 CVE
Troubleshooting And Support
troubleshooting_and_support
1 CVE
Greenhopper
greenhopper
1 CVE
Subversion Application Lifecycle Management
subversion_application_lifecycle_management
1 CVE
Navigator Links
navigator_links
1 CVE
Editor Core
editor-core
1 CVE
Jira Create
jira_create
1 CVE
Jira Comment
jira_comment
1 CVE
Automation For Jira
automation_for_jira
1 CVE
Alfresco Enterprise Content Management
alfresco_enterprise_content_management
1 CVE
Atlassian Gadgets
atlassian-gadgets
1 CVE
Jira Server For Slack
jira_server_for_slack
1 CVE
Connect Express
connect_express
1 CVE
Atlasboard
atlasboard
1 CVE
Jira Server And Data Center
jira_server_and_data_center
1 CVE
Bamboo Data Center
bamboo_data_center
1 CVE
Bamboo Server
bamboo_server
1 CVE
Bitbucket Server
bitbucket_server
1 CVE
Assets Discovery Cloud
assets_discovery_cloud
1 CVE
Assets Discovery Data Server
assets_discovery_data_server
1 CVE

CVEs (466)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-36237
1Atlassian
2Data Center
Jira
Nov 21, 2024
Feb 15, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. T...Show more
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.Show less
CVE-2020-36236
1Atlassian
4Jira
Jira Data CenterJira Server+1 more
Nov 21, 2024
Feb 15, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.js...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.Show less
CVE-2020-36235
1Atlassian
3Jira
Jira ServerJira Software Data Center
Nov 21, 2024
Feb 15, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affecte...Show more
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.Show less
CVE-2020-36234
1Atlassian
4Data Center
JiraJira Data Center+1 more
Nov 21, 2024
Feb 15, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.Show less
CVE-2020-36231
1Atlassian
4Jira
Jira Data CenterJira Server+1 more
Nov 21, 2024
Feb 2, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected...Show more
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.Show less
CVE-2020-14192
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Feb 2, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions...Show more
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.Show less
CVE-2021-26067
1Atlassian
1Bamboo
Nov 21, 2024
Jan 28, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensiti...Show more
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.Show less
CVE-2020-29450
1Atlassian
2Confluence Data Center
Confluence Server
Nov 21, 2024
Jan 19, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected vers...Show more
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.Show less
CVE-2020-29446
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Jan 18, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before vers...Show more
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.Show less
CVE-2020-29447
1Atlassian
1Crucible
Nov 21, 2024
Dec 21, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected version...Show more
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.Show less
CVE-2020-14193
1Atlassian
1Automation For Jira
Nov 21, 2024
Nov 30, 2020
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template inje...Show more
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.Show less
CVE-2020-14190
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Nov 25, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
CVE-2020-14191
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Nov 25, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affec...Show more
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.Show less
CVE-2020-14189
1Atlassian
1Jira Comment
Nov 21, 2024
Nov 9, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue...Show more
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.Show less
CVE-2020-14188
1Atlassian
1Jira Create
Nov 21, 2024
Nov 9, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub iss...Show more
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.Show less
CVE-2020-14185
1Atlassian
2Jira
Jira Server
Nov 21, 2024
Oct 15, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version...Show more
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.Show less
CVE-2020-14184
1Atlassian
2Jira
Jira Server
Nov 21, 2024
Oct 12, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before...Show more
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.Show less
CVE-2020-14183
1Atlassian
1Jira
Nov 21, 2024
Oct 6, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTT...Show more
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.Show less
CVE-2019-20903
1Atlassian
1Editor Core
Nov 21, 2024
Oct 1, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2019-20902
1Atlassian
1Crowd
Nov 21, 2024
Oct 1, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.