Injection org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 9.12.1, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0,...
Improper Authorization org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Improper Authorization vulnerability was introduced in versions 9.12.1, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0,...
Prototype Pollution axios Dependency in Jira Service Management Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center and Server...
Prototype Pollution axios Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center and Server. This...
Information Disclosure org.apache.tomcat:tomcat-websocket Dependency in Jira Service Management Data Center and Server
This High severity Information Disclosure vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center and Server. This Information Disclosure vulnerability, with ...
Improper Authorization org.springframework.security:spring-security-core Dependency in Crucible Data Center and Server
This High severity Improper Authorization vulnerability was introduced in version 4.9.0 of Crucible Server. This Improper Authorization vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N allows an unauthenticated attacker to gain unintended...
BASM (Broken Authentication & Session Management) org.springframework.security:spring-security-core Dependency in Crucible Data Center and Server
This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 4.9.0 of Crucible Server. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allow...
BASM (Broken Authentication & Session Management) org.springframework.security:spring-security-core Dependency in Crucible Data Center and Server
This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 4.9.0 of Crucible Server. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allow...
DoS (Denial of Service) org.postgresql:postgresql Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.2.9, 10.2.10, 10.2.11, 10.2.12, 10.2.13, 10.2.14, 10.2.15, 10.2.16, 10.2.18, and 10.2.19 of Bamboo Data Center. This DoS Denial of Service...
Cryptographic Failure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Cryptographic Failure vulnerability was introduced in version 11.3.4 of Jira Software Data Center. This Cryptographic Failure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to get...
Information Disclosure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Information Disclosure vulnerability, with a CVS...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Injection org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1,...
RCE (Remote Code Execution) org.apache.activemq:activemq-broker Dependency in Bamboo Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 10.2.0 and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, allows an authenticated attacker...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...
DoS (Denial of Service) io.netty:netty-codec Dependency in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) org.postgresql:postgresql Dependency in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 6.0.0, 6.1.0, 6.2.0, 6.3.6, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...
SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
RCE (Remote Code Execution) axios Dependency in Jira Service Management Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score ...
RCE (Remote Code Execution) axios Dependency in Jira Software Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7 and a...
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
Information Disclosure axios Dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.9, 11.0.7, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticate...
Information Disclosure axios Dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 a...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center. This HT...
Cryptographic Failure org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center
This High severity Cryptographic Failure vulnerability was introduced in versions 5.12.32, 10.3.17, and 11.3.3 of Jira Service Management Data Center. This Cryptographic Failure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...
MITM (Man-in-the-Middle) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center
This High severity MITM Man-in-the-Middle vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This MITM Man-in-the-Middle vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection axios Dependency in Bitbucket Data Center
This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...
Injection axios Dependency in Bitbucket Data Center
This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) @isaacs/brace-expansion Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) @isaacs/brace-expansion Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in version 10.2.7 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a...
DoS (Denial of Service) react-router Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows ...
DoS (Denial of Service) react-router Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
RCE (Remote Code Execution) react-router Dependency in Jira Service Management Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H...
RCE (Remote Code Execution) react-router Dependency in Jira Software Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an...
XSS (Cross Site Scripting) turbo-stream Dependency in Jira Service Management Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
XSS (Cross Site Scripting) turbo-stream Dependency in Jira Software Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Business Logic Vulnerability Apache Tomcat Dependency in Jira Software Data Center
This High severity Business Logic vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Business Logic vulnerability, with a CVSS Score of 7.5 and a CVS...
BASM (Broken Authentication & Session Management) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1,...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This Critical severity Improper Authorization vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Improper Authorization vulnerability, with a CVSS...
Injection org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0,...
SSRF (Server-Side Request Forgery) axios Dependency in Jira Service Management Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.5 of Jira Service Management Data Center. This SSRF Server-Side Request Forgery vulnerability, with...
DoS (Denial of Service) io.netty:netty-codec Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score ...
Injection axios Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 5.17.2, 10.3.12, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data...
Injection axios Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 9.17.2, 10.3.12, 11.2.1, and 11.3.0 of Jira Software Data Center. This Injectio...