← Back

Atlassian

atlassian

466 CVEs • 59 products

Products (59)

Click to collapse
Toggle
Jira
jira
142 CVEs
Jira Server
jira_server
135 CVEs
Jira Data Center
jira_data_center
79 CVEs
Fisheye
fisheye
52 CVEs
Crucible
crucible
52 CVEs
Confluence Server
confluence_server
49 CVEs
Jira Software Data Center
jira_software_data_center
39 CVEs
Data Center
data_center
38 CVEs
Confluence Data Center
confluence_data_center
36 CVEs
Bamboo
bamboo
24 CVEs
Crowd
crowd
24 CVEs
Bitbucket
bitbucket
20 CVEs
Confluence
confluence
19 CVEs
Jira Service Management
jira_service_management
16 CVEs
Sourcetree
sourcetree
15 CVEs
Jira Align
jira_align
13 CVEs
Jira Service Desk
jira_service_desk
12 CVEs
Application Links
application_links
7 CVEs
Hipchat
hipchat
5 CVEs
Floodlight
floodlight
4 CVEs
Agiloft
agiloft
4 CVEs
Hipchat Server
hipchat_server
3 CVEs
Universal Plugin Manager
universal_plugin_manager
3 CVEs
Questions For Confluence
questions_for_confluence
3 CVEs
Companion
companion
3 CVEs
Bitbucket Data Center
bitbucket_data_center
3 CVEs
Crowd2
crowd2
2 CVEs
Saml Single Sign On
saml_single_sign_on
2 CVEs
Connect Spring Boot
connect_spring_boot
2 CVEs
Assets Discovery Data Center
assets_discovery_data_center
2 CVEs
Jira Core
jira_core
1 CVE
Jira Integration For Hipchat
jira_integration_for_hipchat
1 CVE
Oauth
oauth
1 CVE
Hipchat Data Center
hipchat_data_center
1 CVE
Bitbucket Auto Unapprove Plugin
bitbucket_auto_unapprove_plugin
1 CVE
Activity Streams
activity_streams
1 CVE
Floodlight Controller
floodlight_controller
1 CVE
Http Library
http_library
1 CVE
Cloudtoken
cloudtoken
1 CVE
Html Include And Replace Macro
html_include_and_replace_macro
1 CVE
Troubleshooting And Support
troubleshooting_and_support
1 CVE
Greenhopper
greenhopper
1 CVE
Subversion Application Lifecycle Management
subversion_application_lifecycle_management
1 CVE
Navigator Links
navigator_links
1 CVE
Editor Core
editor-core
1 CVE
Jira Create
jira_create
1 CVE
Jira Comment
jira_comment
1 CVE
Automation For Jira
automation_for_jira
1 CVE
Alfresco Enterprise Content Management
alfresco_enterprise_content_management
1 CVE
Atlassian Gadgets
atlassian-gadgets
1 CVE
Jira Server For Slack
jira_server_for_slack
1 CVE
Connect Express
connect_express
1 CVE
Atlasboard
atlasboard
1 CVE
Jira Server And Data Center
jira_server_and_data_center
1 CVE
Bamboo Data Center
bamboo_data_center
1 CVE
Bamboo Server
bamboo_server
1 CVE
Bitbucket Server
bitbucket_server
1 CVE
Assets Discovery Cloud
assets_discovery_cloud
1 CVE
Assets Discovery Data Server
assets_discovery_data_server
1 CVE

CVEs (466)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-18083
1Atlassian
1Confluence
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploade...Show more
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.Show less
CVE-2017-18082
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
CVE-2017-18081
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
CVE-2017-18080
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18042
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18041
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a r...Show more
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.Show less
CVE-2017-18040
1Atlassian
1Bamboo
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
CVE-2017-18039
1Atlassian
1Jira
Nov 21, 2024
Feb 2, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThre...Show more
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.Show less
CVE-2017-18038
1Atlassian
1Bitbucket
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
CVE-2017-18037
1Atlassian
1Bitbucket
Nov 21, 2024
Feb 2, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 befor...Show more
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.Show less
CVE-2017-18036
1Atlassian
1Bitbucket
Nov 21, 2024
Feb 2, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) v...Show more
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.Show less
CVE-2017-18035
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Feb 2, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have acc...Show more
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.Show less
CVE-2017-18034
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Feb 2, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cros...Show more
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.Show less
CVE-2017-16861
1Atlassian
2Crucible
Fisheye
Nov 21, 2024
Feb 1, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website t...Show more
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.Show less
CVE-2017-16858
1Atlassian
1Crowd
Nov 21, 2024
Jan 31, 2018
N/A· v4
6.8 MEDIUM· v3
4.9 MEDIUM· v2
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to...Show more
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.Show less
CVE-2017-9513
1Atlassian
1Activity Streams
Nov 21, 2024
Jan 29, 2018
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched pa...Show more
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.Show less
CVE-2017-14593
1Atlassian
1Sourcetree
Nov 21, 2024
Jan 26, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit t...Show more
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerabilityShow less
CVE-2017-14592
1Atlassian
1Sourcetree
Nov 21, 2024
Jan 26, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this...Show more
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.Show less
CVE-2017-16863
1Atlassian
1Jira
Nov 21, 2024
Jan 18, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.
CVE-2017-18033
1Atlassian
1Jira
Nov 21, 2024
Jan 18, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.