← Back

Atlassian

atlassian

466 CVEs • 59 products

Products (59)

Click to collapse
Toggle
Jira
jira
142 CVEs
Jira Server
jira_server
135 CVEs
Jira Data Center
jira_data_center
79 CVEs
Fisheye
fisheye
52 CVEs
Crucible
crucible
52 CVEs
Confluence Server
confluence_server
49 CVEs
Jira Software Data Center
jira_software_data_center
39 CVEs
Data Center
data_center
38 CVEs
Confluence Data Center
confluence_data_center
36 CVEs
Bamboo
bamboo
24 CVEs
Crowd
crowd
24 CVEs
Bitbucket
bitbucket
20 CVEs
Confluence
confluence
19 CVEs
Jira Service Management
jira_service_management
16 CVEs
Sourcetree
sourcetree
15 CVEs
Jira Align
jira_align
13 CVEs
Jira Service Desk
jira_service_desk
12 CVEs
Application Links
application_links
7 CVEs
Hipchat
hipchat
5 CVEs
Floodlight
floodlight
4 CVEs
Agiloft
agiloft
4 CVEs
Hipchat Server
hipchat_server
3 CVEs
Universal Plugin Manager
universal_plugin_manager
3 CVEs
Questions For Confluence
questions_for_confluence
3 CVEs
Companion
companion
3 CVEs
Bitbucket Data Center
bitbucket_data_center
3 CVEs
Crowd2
crowd2
2 CVEs
Saml Single Sign On
saml_single_sign_on
2 CVEs
Connect Spring Boot
connect_spring_boot
2 CVEs
Assets Discovery Data Center
assets_discovery_data_center
2 CVEs
Jira Core
jira_core
1 CVE
Jira Integration For Hipchat
jira_integration_for_hipchat
1 CVE
Oauth
oauth
1 CVE
Hipchat Data Center
hipchat_data_center
1 CVE
Bitbucket Auto Unapprove Plugin
bitbucket_auto_unapprove_plugin
1 CVE
Activity Streams
activity_streams
1 CVE
Floodlight Controller
floodlight_controller
1 CVE
Http Library
http_library
1 CVE
Cloudtoken
cloudtoken
1 CVE
Html Include And Replace Macro
html_include_and_replace_macro
1 CVE
Troubleshooting And Support
troubleshooting_and_support
1 CVE
Greenhopper
greenhopper
1 CVE
Subversion Application Lifecycle Management
subversion_application_lifecycle_management
1 CVE
Navigator Links
navigator_links
1 CVE
Editor Core
editor-core
1 CVE
Jira Create
jira_create
1 CVE
Jira Comment
jira_comment
1 CVE
Automation For Jira
automation_for_jira
1 CVE
Alfresco Enterprise Content Management
alfresco_enterprise_content_management
1 CVE
Atlassian Gadgets
atlassian-gadgets
1 CVE
Jira Server For Slack
jira_server_for_slack
1 CVE
Connect Express
connect_express
1 CVE
Atlasboard
atlasboard
1 CVE
Jira Server And Data Center
jira_server_and_data_center
1 CVE
Bamboo Data Center
bamboo_data_center
1 CVE
Bamboo Server
bamboo_server
1 CVE
Bitbucket Server
bitbucket_server
1 CVE
Assets Discovery Cloud
assets_discovery_cloud
1 CVE
Assets Discovery Data Server
assets_discovery_data_server
1 CVE

CVEs (466)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-9507
1Atlassian
2Crucible
Fisheye
May 13, 2026
Aug 24, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filt...Show more
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.Show less
CVE-2017-9506
1Atlassian
1Oauth
May 13, 2026
Aug 23, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or per...Show more
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).Show less
CVE-2017-9505
1Atlassian
1Confluence
May 13, 2026
Jun 15, 2017
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive w...Show more
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.Show less
CVE-2017-8907
1Atlassian
1Bamboo
May 13, 2026
Jun 14, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a...Show more
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.Show less
CVE-2017-8080
1Atlassian
1Hipchat Server
May 13, 2026
May 5, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
CVE-2017-8058
1Atlassian
1Hipchat
May 13, 2026
May 5, 2017
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API ca...Show more
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.Show less
CVE-2017-8768
1Atlassian
1Sourcetree
May 13, 2026
May 4, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or...Show more
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.Show less
CVE-2017-7415
1Atlassian
1Confluence Server
May 13, 2026
Apr 27, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
CVE-2017-7357
1Atlassian
1Hipchat Server
May 13, 2026
Apr 14, 2017
N/A· v4
9.1 CRITICAL· v3
6.5 MEDIUM· v2
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
CVE-2017-5983
1Atlassian
1Jira
May 13, 2026
Apr 10, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of...Show more
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.Show less
CVE-2016-4320
1Atlassian
1Bitbucket
May 13, 2026
Apr 10, 2017
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2016-4319
1Atlassian
1Jira
May 13, 2026
Apr 10, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2016-4318
1Atlassian
1Jira
May 13, 2026
Apr 10, 2017
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVE-2016-4317
1Atlassian
1Confluence
May 13, 2026
Apr 10, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVE-2016-6285
1Atlassian
1Jira
May 13, 2026
Jan 31, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2016-6668
1Atlassian
2Confluence Server
Jira Integration For Hipchat
May 13, 2026
Jan 23, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before...Show more
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.Show less
CVE-2016-6283
1Atlassian
1Confluence
May 13, 2026
Jan 18, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVE-2016-6496
1Atlassian
1Crowd
May 6, 2026
Dec 9, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
CVE-2016-5229
1Atlassian
1Bamboo
May 6, 2026
Aug 2, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.
CVE-2015-8399
1Atlassian
1Confluence
May 6, 2026
Apr 11, 2016
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.