Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2019/05/06 4:6 a.m.49 views

Crowd - pdkinstall development plugin incorrectly enabled - CVE-2019-11580

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...

9.8CVSS9.7AI score0.95355EPSS
Exploits6
Atlassian
Atlassian
added 2019/01/23 10:56 p.m.49 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

9.8CVSS4.6AI score0.97356EPSS
Exploits12
Atlassian
Atlassian
added 2017/07/17 7:50 a.m.49 views

Various XSS through a repository or review filename - CVE-2017-9508

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

5.4CVSS3.8AI score0.00826EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.49 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/01/03 3:5 a.m.49 views

Upgrade Tomcat to latest minor version

See http://www.cvedetails.com/cve/CVE-2011-4084/. We're shipping 6.0.32 at the moment...

0.8AI score
Exploits5Affected Software1
Atlassian
Atlassian
added 2024/05/16 4:11 a.m.48 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the PreferQueryMode=SIMPLE parameter required for this vulnerability in it...

10CVSS9.7AI score0.0481EPSS
Exploits0
Atlassian
Atlassian
added 2024/05/13 10:10 a.m.48 views

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

8.8CVSS7.3AI score0.01884EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/03 8:56 a.m.48 views

Bitbucket Data Center is affected by CVE-2024-25710

h3. Issue Summary Bitbucket is affected by CVE-2024-25710|https://nvd.nist.gov/vuln/detail/CVE-2024-25710 The affected file /app/WEB-INF/lib/commons-compress-1.21.jar h3. Steps to Reproduce N/A h3. Expected Results N/A h3. Actual Results N/A h3. Workaround Currently, there is no known workaround...

8.1CVSS6.5AI score0.00441EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/15 4:33 a.m.48 views

Stored XSS in Confluence Data Center

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS6.2AI score0.00471EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.48 views

DoS (Denial of Service) ch.qos.logback:logback-classic Dependency in Confluence Data Center and Server

This High severity ch.qos.logback:logback-classic Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. This ch.qos.logback:logback-classic Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

7.5CVSS7.1AI score0.009EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/11 6:46 a.m.48 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.4.0, 9.7.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. Jira Software Data Center versions 9.14.0, 9.13.0, 9.13.1 are NOT affected This...

7.5CVSS7.7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/03 12:45 a.m.48 views

org.apache.tomcat:tomcat-catalina Vulnerability in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.10.0, 7.14.0, and 7.20.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an...

7.5CVSS7.5AI score0.02505EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.48 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 5.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01655EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.48 views

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.95302EPSS
Exploits8
Atlassian
Atlassian
added 2023/10/06 5:44 p.m.48 views

jackson-databind Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.7AI score0.0486EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/26 4:12 p.m.48 views

org.apache.velocity Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, and 7.21.7 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

9CVSS7.7AI score0.22709EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/04 12:22 a.m.48 views

Workbox: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Workbox host plugin in Confluence is currently using underscore.js 1.3.1. This is old enough to not be vulnerable to CVE-2021-23358, but it should be using the version provided by Confluence, not its own The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and...

7.2CVSS2.2AI score0.04087EPSS
Exploits2
Atlassian
Atlassian
added 2022/03/16 5:14 a.m.48 views

A user can view the "createmeta" information of private projects

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected versions are...

5.4AI score
Exploits0
Atlassian
Atlassian
added 2021/12/22 3:18 a.m.48 views

Default field configuration can be restored via CSRF - CVE-2021-43952

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery CSRF vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. This bug is currently fixed on Jira 8.21.0. Non LT...

4.3CVSS5.5AI score0.00415EPSS
Exploits0
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.48 views

Unauthorized user can add administrator groups to filter subscriptions - CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...

6.5CVSS4.9AI score0.01148EPSS
Exploits0
Atlassian
Atlassian
added 2021/08/02 12:53 a.m.48 views

Remote code execution in workflow import - CVE-2017-18113

The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution RCE vulnerability which allowed for various...

8.8CVSS9.1AI score0.01802EPSS
Exploits0
Atlassian
Atlassian
added 2021/06/22 10:58 a.m.48 views

Plan managed by specs allows to modify artifact dependencies with UI

h3. Issue Summary RSS-managed plan should be in View mode for every tab and page. h3. Steps to Reproduce Create plan managed by RSS with artifact subscription settings Open Plan config page and visit artifacts tab of job Click Edit or Delete button of artifact subscription item h3. Expected Resul...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/16 6:29 p.m.48 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...

5.3CVSS5.8AI score0.0233EPSS
Exploits0
Atlassian
Atlassian
added 2020/11/18 9:48 p.m.48 views

A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190

Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions: 4.8.4 4.9.0...

7.5CVSS7.3AI score0.01212EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/23 4:39 p.m.48 views

MITM in Repository Import - CVE-2020-14171

Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via Man-in-the-Middle MITM attack. Affected versions: 4.9.0 = version 7.2.4 Fixed versions: 7.2.4 7.3.0...

6.5CVSS6.8AI score0.00558EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/16 3:4 a.m.48 views

Improper authorization in Project Administration - Others - CVE-2020-14165

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to obtain information about custom project avatars via an improper authorization vulnerability in the UniversalAvatarResource.getAvatars resource. Affected versions: version 8.9.0 Fixed versions: 8.9.0...

5.3CVSS7.4AI score0.01005EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:57 p.m.48 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS5.7AI score0.0057EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/12/21 6:6 a.m.48 views

XSS in the labels widget gadget - CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the rendering of retrieved content from a url location that could be...

5.4CVSS3.3AI score0.00911EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/12/21 5:4 a.m.48 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS|https://git-lfs.github.com used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

8.8CVSS9.3AI score0.03677EPSS
Exploits1
Atlassian
Atlassian
added 2017/12/01 4:16 p.m.48 views

Users with 'Plan Admin' privileges can change Project Name

h3. Summary Users whom have Plan level Admin privileges, but not Project level Admin privileges are able to change the Project name from /chain/admin/config/editChainDetails.action?buildKey=\projkey-\plankey h3. Steps to Reproduce h1. Step 1 Create Project with key TSTPR Create Plan within TSTPR...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/14 2:22 p.m.48 views

Upgrade Tomcat to 8.0.36 or later

Current version of Tomcat 8.0.33 is vulernable to http://www.cvedetails.com/cve/CVE-2016-3092/ We need to upgrade the version we package with JIRA to address that vulnerability...

7.8CVSS1.2AI score0.35927EPSS
Exploits0
Atlassian
Atlassian
added 2015/04/16 6:32 a.m.48 views

Multiple vulnerabilites in Java 1.7.0_15

The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...

5.5AI score
Exploits0
Atlassian
Atlassian
added 2013/11/15 6:12 p.m.48 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.48 views

Not being able to create webhooks with basic authentication.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...

Exploits0Affected Software1
Atlassian
Atlassian
added 2024/06/20 8:14 a.m.47 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

6.6AI score
Exploits0
Atlassian
Atlassian
added 2024/03/07 2:45 p.m.47 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

7.5CVSS7AI score0.02114EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.47 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.5AI score0.01395EPSS
Exploits1
Atlassian
Atlassian
added 2022/08/08 9:27 p.m.47 views

Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

4.9CVSS5.6AI score0.00826EPSS
Exploits0
Atlassian
Atlassian
added 2021/10/17 11:13 a.m.47 views

Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError

h3. Issue Summary Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError Base Score: 7.5 HIGH bq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once th...

7.5CVSS6.8AI score0.10997EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/25 3:53 a.m.47 views

Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...

5.3CVSS5.2AI score0.08951EPSS
Exploits1
Atlassian
Atlassian
added 2020/06/23 4:27 p.m.47 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that...

4.3CVSS5.7AI score0.00829EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/08/12 2:46 a.m.47 views

CDN caching can lead to leak of user information - CVE-2019-14997

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...

4.3CVSS4.7AI score0.01166EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/07/09 2:43 a.m.47 views

Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used

The version of the Atlassian Application links plugin used in Fisheye before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...

10CVSS3AI score0.10458EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/08 9:26 a.m.47 views

The console login did not rotate the session id during login - CVE-2017-18105

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...

8.1CVSS5.7AI score0.01427EPSS
Exploits0
Atlassian
Atlassian
added 2018/02/02 12:11 a.m.47 views

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

8.8CVSS8.8AI score0.77823EPSS
Exploits9Affected Software1
Atlassian
Atlassian
added 2018/02/02 12:11 a.m.47 views

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

7.5CVSS5.7AI score0.01789EPSS
Exploits0
Atlassian
Atlassian
added 2017/07/17 7:46 a.m.47 views

Various XSS through a repository or review filename - CVE-2017-9508

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

5.4CVSS3.8AI score0.00826EPSS
Exploits0
Atlassian
Atlassian
added 2017/05/25 3:47 p.m.47 views

Password Reset

I changed my password on my Linux system and now I can't push/pull via Atlassian SourceTree 2.0.20.1 gui. I tried resetting via the authentication tab under Tools-Options but the password is not being saved. I can use git via command line via Terminal because I am prompted for a password. I...

4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/03/21 8:59 p.m.47 views

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344...

6.1CVSS3.9AI score0.71601EPSS
Exploits1
Atlassian
Atlassian
added 2016/10/25 7:44 a.m.47 views

XSRF Security Token Missing when clicking on Contact an administrator

h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...

0.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295