Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2024/04/09 1:51 a.m.49 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS7AI score0.09346EPSS
Exploits1
Atlassian
Atlassian
added 2024/02/15 4:33 a.m.49 views

Stored XSS in Confluence Data Center

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS6.2AI score0.00471EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.49 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 6.10.0 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.49 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.8AI score0.02824EPSS
Exploits2
Atlassian
Atlassian
added 2023/10/04 7:45 p.m.49 views

com.google.code.gson Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.7CVSS6.8AI score0.1158EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/04 7:45 p.m.49 views

Jettison Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.01395EPSS
Exploits1
Atlassian
Atlassian
added 2022/03/07 8:15 a.m.49 views

CVE-2021-43955: /rest-service-fecru/server-v1 leaks information about installation directories

The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...

4.3CVSS5.9AI score0.00841EPSS
Exploits0
Atlassian
Atlassian
added 2021/09/15 1:19 a.m.49 views

Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

7.5CVSS7.1AI score0.01173EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/06/22 10:58 a.m.49 views

Plan managed by specs allows to modify artifact dependencies with UI

h3. Issue Summary RSS-managed plan should be in View mode for every tab and page. h3. Steps to Reproduce Create plan managed by RSS with artifact subscription settings Open Plan config page and visit artifacts tab of job Click Edit or Delete button of artifact subscription item h3. Expected Resul...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/12 11:53 p.m.49 views

Html Macros should respect authenticated user based on allowlist API

Gadgets have moved to use whitelist.isAllowedURI, Userkey to give more controls to admins to whether allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/01/23 12:5 a.m.49 views

XXE in OpenID client application - CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...

7.5CVSS3.8AI score0.02434EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2019/08/12 2:47 a.m.49 views

XSS in various templates of the Optimization plugin - CVE-2019-8450

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...

4.8CVSS4.1AI score0.00879EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/05/06 4:6 a.m.49 views

Crowd - pdkinstall development plugin incorrectly enabled - CVE-2019-11580

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...

9.8CVSS9.7AI score0.95355EPSS
Exploits6
Atlassian
Atlassian
added 2019/01/23 10:56 p.m.49 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

9.8CVSS4.6AI score0.97356EPSS
Exploits12
Atlassian
Atlassian
added 2017/12/01 4:16 p.m.49 views

Users with 'Plan Admin' privileges can change Project Name

h3. Summary Users whom have Plan level Admin privileges, but not Project level Admin privileges are able to change the Project name from /chain/admin/config/editChainDetails.action?buildKey=\projkey-\plankey h3. Steps to Reproduce h1. Step 1 Create Project with key TSTPR Create Plan within TSTPR...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/07/17 7:50 a.m.49 views

Various XSS through a repository or review filename - CVE-2017-9508

Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

5.4CVSS3.8AI score0.00826EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/28 4:54 a.m.49 views

Upgrade bundled Java to 8u101+

Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect JIRA...

8.1CVSS2.7AI score0.00509EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.49 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/01/03 3:5 a.m.49 views

Upgrade Tomcat to latest minor version

See http://www.cvedetails.com/cve/CVE-2011-4084/. We're shipping 6.0.32 at the moment...

0.8AI score
Exploits5Affected Software1
Atlassian
Atlassian
added 2024/05/16 4:11 a.m.48 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the PreferQueryMode=SIMPLE parameter required for this vulnerability in it...

10CVSS9.7AI score0.0481EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/03 8:56 a.m.48 views

Bitbucket Data Center is affected by CVE-2024-25710

h3. Issue Summary Bitbucket is affected by CVE-2024-25710|https://nvd.nist.gov/vuln/detail/CVE-2024-25710 The affected file /app/WEB-INF/lib/commons-compress-1.21.jar h3. Steps to Reproduce N/A h3. Expected Results N/A h3. Actual Results N/A h3. Workaround Currently, there is no known workaround...

8.1CVSS6.5AI score0.00441EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.48 views

DoS (Denial of Service) ch.qos.logback:logback-classic Dependency in Confluence Data Center and Server

This High severity ch.qos.logback:logback-classic Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. This ch.qos.logback:logback-classic Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

7.5CVSS7.1AI score0.009EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/11 6:46 a.m.48 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.4.0, 9.7.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. Jira Software Data Center versions 9.14.0, 9.13.0, 9.13.1 are NOT affected This...

7.5CVSS7.7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/03 12:45 a.m.48 views

org.apache.tomcat:tomcat-catalina Vulnerability in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.10.0, 7.14.0, and 7.20.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an...

7.5CVSS7.5AI score0.02505EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/09 1:44 a.m.48 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 5.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01655EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.48 views

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.95302EPSS
Exploits8
Atlassian
Atlassian
added 2023/10/06 5:44 p.m.48 views

jackson-databind Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.7AI score0.0486EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/26 4:12 p.m.48 views

org.apache.velocity Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, and 7.21.7 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

9CVSS7.7AI score0.22709EPSS
Exploits0
Atlassian
Atlassian
added 2022/08/08 9:27 p.m.48 views

Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

4.9CVSS5.6AI score0.00826EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/04 12:22 a.m.48 views

Workbox: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Workbox host plugin in Confluence is currently using underscore.js 1.3.1. This is old enough to not be vulnerable to CVE-2021-23358, but it should be using the version provided by Confluence, not its own The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and...

7.2CVSS2.2AI score0.04087EPSS
Exploits2
Atlassian
Atlassian
added 2022/03/16 5:14 a.m.48 views

A user can view the "createmeta" information of private projects

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers without permission to view a private project to view the project's issue creation meta information via a Broken Access Control vulnerability in the /issue/createmeta endpoint. The affected versions are...

5.4AI score
Exploits0
Atlassian
Atlassian
added 2021/12/22 3:18 a.m.48 views

Default field configuration can be restored via CSRF - CVE-2021-43952

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery CSRF vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. This bug is currently fixed on Jira 8.21.0. Non LT...

4.3CVSS5.5AI score0.00415EPSS
Exploits0
Atlassian
Atlassian
added 2021/11/30 6:48 p.m.48 views

Unauthorized user can add administrator groups to filter subscriptions - CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...

6.5CVSS4.9AI score0.01148EPSS
Exploits0
Atlassian
Atlassian
added 2021/08/02 12:53 a.m.48 views

Remote code execution in workflow import - CVE-2017-18113

The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution RCE vulnerability which allowed for various...

8.8CVSS9.1AI score0.01802EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/16 6:29 p.m.48 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...

5.3CVSS5.8AI score0.0233EPSS
Exploits0
Atlassian
Atlassian
added 2020/11/18 9:48 p.m.48 views

A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190

Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions: 4.8.4 4.9.0...

7.5CVSS7.3AI score0.01212EPSS
Exploits0
Atlassian
Atlassian
added 2020/04/16 7:57 p.m.48 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS5.7AI score0.0057EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/12/21 6:6 a.m.48 views

XSS in the labels widget gadget - CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the rendering of retrieved content from a url location that could be...

5.4CVSS3.3AI score0.00911EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/12/21 5:4 a.m.48 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS|https://git-lfs.github.com used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

8.8CVSS9.3AI score0.03677EPSS
Exploits1
Atlassian
Atlassian
added 2016/07/14 2:22 p.m.48 views

Upgrade Tomcat to 8.0.36 or later

Current version of Tomcat 8.0.33 is vulernable to http://www.cvedetails.com/cve/CVE-2016-3092/ We need to upgrade the version we package with JIRA to address that vulnerability...

7.8CVSS1.2AI score0.35927EPSS
Exploits0
Atlassian
Atlassian
added 2015/04/16 6:32 a.m.48 views

Multiple vulnerabilites in Java 1.7.0_15

The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...

5.5AI score
Exploits0
Atlassian
Atlassian
added 2013/11/15 6:12 p.m.48 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/06/20 8:14 a.m.47 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

6.6AI score
Exploits0
Atlassian
Atlassian
added 2024/03/07 2:45 p.m.47 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

7.5CVSS7AI score0.02114EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.47 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.5AI score0.01395EPSS
Exploits1
Atlassian
Atlassian
added 2021/10/17 11:13 a.m.47 views

Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError

h3. Issue Summary Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError Base Score: 7.5 HIGH bq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once th...

7.5CVSS6.8AI score0.10997EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/25 3:53 a.m.47 views

Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...

5.3CVSS5.2AI score0.08951EPSS
Exploits1
Atlassian
Atlassian
added 2019/08/12 2:46 a.m.47 views

CDN caching can lead to leak of user information - CVE-2019-14997

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...

4.3CVSS4.7AI score0.01166EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/07/09 2:43 a.m.47 views

Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used

The version of the Atlassian Application links plugin used in Fisheye before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...

10CVSS3AI score0.10458EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/08 9:26 a.m.47 views

The console login did not rotate the session id during login - CVE-2017-18105

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...

8.1CVSS5.7AI score0.01427EPSS
Exploits0
Total number of security vulnerabilities4295