Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2021/07/08 11:44 a.m.55 views

Local Privilege Escalation via DLL hijack - CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center...

7.8CVSS6AI score0.0033EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/26 5:2 p.m.55 views

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...

10CVSS1.3AI score0.82715EPSS
Exploits14Affected Software1
Atlassian
Atlassian
added 2020/06/23 4:39 p.m.55 views

MITM in Repository Import - CVE-2020-14171

Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via Man-in-the-Middle MITM attack. Affected versions: 4.9.0 = version 7.2.4 Fixed versions: 7.2.4 7.3.0...

6.5CVSS6.8AI score0.00558EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:26 p.m.55 views

Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015

The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a security misconfiguration...

4.3CVSS5.6AI score0.0096EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/03/18 4:6 p.m.55 views

Opening 404 page (page not found) without user session will open 404 page instead of opening login page.

h3. Issue Summary Opening a random page on Jira with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information you...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/03/14 4:40 a.m.55 views

XSS Vulnerability in wiki markup

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-51825. panel Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/15 1:46 p.m.55 views

Two factor Authentication

As a company IT administrator of our company I want that all users authenticate to bamboo in two steps username password & app or sms. So that I'm always sure that a employee of our company logs in bamboo instead of a hacker. This makes even my infrastructure more secure...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/02/04 2:52 a.m.55 views

Update Java version bundled found in the installer to a version >= 1.8u71

Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...

10CVSS2.1AI score0.14714EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:53 a.m.54 views

DoS (Denial of Service) org.eclipse.jetty:jetty-io Dependency in Crowd Data Center and Server

This High severity org.eclipse.jetty:jetty-io Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-io Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.8CVSS7.1AI score0.53861EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/09 1:50 a.m.54 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS6.5AI score0.02959EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.54 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server

This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...

7.5CVSS7.3AI score0.01048EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/14 3:45 a.m.54 views

Info Disclosure com.google.guava:guava in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of...

7.1CVSS6.2AI score0.00248EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/07 7:5 p.m.54 views

Confluence Apache Tomcat CVE-2022-34305

This is reproducible on Data Center: yes The current version of Tomcat 9.0.63 is bundled with Confluence 7.18.2 and Confluence 7.13.8 are vulnerable to CVE-2022-34305 https://vulners.com/cve/CVE-2022-34305 h3. Steps to Reproduce - h3. Expected Results - h3. Actual Results - h3. Workaround Manuall...

6.1CVSS6.3AI score0.06156EPSS
Exploits0
Atlassian
Atlassian
added 2022/03/07 8:15 a.m.54 views

CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...

6.1CVSS6.1AI score0.00703EPSS
Exploits0
Atlassian
Atlassian
added 2022/03/07 8:1 a.m.54 views

CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials...

9.8CVSS3.9AI score0.01408EPSS
Exploits0
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.54 views

Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-43944

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator permissions to execute arbitrary code via Template Injecti...

7.2CVSS6.4AI score0.02225EPSS
Exploits0
Atlassian
Atlassian
added 2020/11/19 12:22 a.m.54 views

DoS vulnerability in MessageBundleResource - CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...

7.5CVSS6.8AI score0.01212EPSS
Exploits0
Atlassian
Atlassian
added 2020/09/23 9:5 p.m.54 views

JSW Server not vulnerable to an Insecure Deserialization issue in Jackson Databind - CVE-2018-14720

Scanners may falsely flag some versions of Jira Software Server before 8.5.5 as vulnerable to an Insecure Deserialization issue in Jackson Databind CVE-2018-14720. This vulnerability in a transitive dependency was being flagged because Jira Software assumed the version of applinks provided by Jir...

9.8CVSS3.7AI score0.07524EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/08/03 10:44 p.m.54 views

TinyMCE XSS vulnerability on version 4.7.11

h4. Description It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency Confluence version 7.6.2 uses version 0.4.41 of the...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/16 3:4 a.m.54 views

Improper authorization in Project Administration - Others - CVE-2020-14165

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to obtain information about custom project avatars via an improper authorization vulnerability in the UniversalAvatarResource.getAvatars resource. Affected versions: version 8.9.0 Fixed versions: 8.9.0...

5.3CVSS7.4AI score0.01005EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/08 9:26 a.m.54 views

The console login did not rotate the session id during login - CVE-2017-18105

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...

8.1CVSS5.7AI score0.01427EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/08 9:8 a.m.54 views

Various resources included the current remote directory password in their responses - CVE-2016-10740

Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...

4.9CVSS4.6AI score0.01056EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/02/02 12:11 a.m.54 views

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

8.8CVSS8.8AI score0.77823EPSS
Exploits9Affected Software1
Atlassian
Atlassian
added 2013/03/08 2:27 a.m.54 views

XSS vulnerabilty in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/05/13 5:29 p.m.53 views

Security Misconfiguration in Jira Software Data Center

This High severity Security Misconfiguration vulnerability was introduced in versions 9.12.32, 10.3.17, and 11.3.3 of Jira Software Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...

7.5CVSS5.8AI score0.00259EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:51 a.m.53 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS7AI score0.12504EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 8:46 p.m.53 views

com.google.guava:guava Dependency in Confluence Data Center and Server

This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...

7.1CVSS7.7AI score0.00248EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/12 1:45 p.m.53 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.02824EPSS
Exploits2
Atlassian
Atlassian
added 2023/06/26 7:32 a.m.53 views

Upgrade Tomcat to fix CVE-2023-34981

h3. Issue Summary Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981 panel:bgColor=e3fcef Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases. This is an...

7.5CVSS7.4AI score0.01116EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/27 1:53 a.m.53 views

User without "Browse Users" permission can view groups - CVE-2022-36800

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. Affected...

4.3CVSS5.6AI score0.00544EPSS
Exploits0
Atlassian
Atlassian
added 2022/03/07 8:15 a.m.53 views

CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...

6.1CVSS6.1AI score0.00703EPSS
Exploits0
Atlassian
Atlassian
added 2022/03/07 8:2 a.m.53 views

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

7.5CVSS6AI score0.01245EPSS
Exploits0
Atlassian
Atlassian
added 2021/12/22 3:5 a.m.53 views

Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...

4.8CVSS5.1AI score0.00422EPSS
Exploits0
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.53 views

jira-importers-plugin has misconfigured XSRF protection - CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...

6.5CVSS6.5AI score0.00616EPSS
Exploits0
Atlassian
Atlassian
added 2021/04/12 3:50 p.m.53 views

8.5 and 8.13 LTS releases should bundle Tomcat 8.5.63 or higher

h3. Issue Summary The Apache Tomcat version used by the currently available LTS Long Term Support releases has a few vulnerabilities, therefore the next LTS release should bundle an updated version of Tomcat. h3. Steps to Reproduce Not applicable. h3. Expected Results Not applicable. h3. Actual...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2020/04/16 9:16 p.m.53 views

Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. h5. Acknowledgements Credit for finding this vulnerability goes to Johannes...

7.8CVSS5.1AI score0.00355EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:46 p.m.53 views

Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...

5.3CVSS4.5AI score0.01245EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 6:58 p.m.53 views

Improper authorization vulnerablity in the /profile/deleteWatch.do resource- CVE-2020-4014

The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability...

4.3CVSS5.9AI score0.00765EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/08 3:13 a.m.53 views

DoS via missing input validation in UserPickerBrowser.jspa - CVE-2019-20413

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability on the UserPickerBrowser.jspa page. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...

7.5CVSS7.2AI score0.02129EPSS
Exploits0
Atlassian
Atlassian
added 2019/02/14 10:3 p.m.53 views

Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons...

9.8CVSS4.1AI score0.34731EPSS
Exploits0
Atlassian
Atlassian
added 2011/06/27 11:56 p.m.53 views

logout.action is not protected against XSRF - CVE-2012-6342

Cross-site request forgery CSRF vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...

6.8CVSS6.3AI score0.01665EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2025/04/23 10:59 p.m.52 views

PrivEsc (Privilege Escalation) in Jira Core Data Center

Summary: This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center. This PrivEsc Privilege Escalation vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged...

8.8CVSS9.3AI score0.00445EPSS
Exploits0
Atlassian
Atlassian
added 2024/07/11 7:10 a.m.52 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS8AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/04/09 1:52 a.m.52 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.05041EPSS
Exploits2
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.52 views

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...

7.5CVSS7.3AI score0.0232EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/31 6:46 a.m.52 views

DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...

7.5CVSS7.1AI score0.01449EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.52 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.01048EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.52 views

FasterXML Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.02824EPSS
Exploits2
Atlassian
Atlassian
added 2023/07/13 10:0 a.m.52 views

Third-Party Dependency Vulnerability in Confluence

This high severity Patch Management vulnerability was introduced in version 7.13.15 of Confluence Data Center & Server. This Patch Management vulnerability, with CVSS Scores of 7.5, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has no...

7.5CVSS8.3AI score0.46836EPSS
Exploits1
Atlassian
Atlassian
added 2022/07/04 12:1 p.m.52 views

Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

Fisheye in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Fisheye 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...

9.8CVSS7AI score0.66537EPSS
Exploits1
Total number of security vulnerabilities4295