Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2024/04/09 1:50 a.m.46 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS6.5AI score0.03538EPSS
Exploits0
Atlassian
Atlassian
added 2024/03/07 2:45 p.m.46 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

7.5CVSS7AI score0.02114EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:47 a.m.46 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.2AI score0.01256EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.46 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...

7.5CVSS9.6AI score0.01762EPSS
Exploits1
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.46 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...

7.5CVSS7.1AI score0.0104EPSS
Exploits1
Atlassian
Atlassian
added 2024/02/14 10:45 a.m.46 views

DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

7.5CVSS7.5AI score0.01181EPSS
Exploits5
Atlassian
Atlassian
added 2023/12/19 10:45 a.m.46 views

DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.2AI score0.03754EPSS
Exploits1
Atlassian
Atlassian
added 2023/12/14 7:45 a.m.46 views

Info Disclosure org.apache.santuario:xmlsec Dependency in Crowd Data Center and Server

This High severity org.apache.santuario:xmlsec Dependency vulnerability was introduced in all versions of Crowd Data Center and Server before 5.2.2 This org.apache.santuario:xmlsec Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

7.5CVSS6.5AI score0.10448EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/14 7:45 a.m.46 views

DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bitbucket Data Center and Server

This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVS...

7.5CVSS7.2AI score0.03754EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/08 3:44 a.m.46 views

Json-smart Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.023EPSS
Exploits1
Atlassian
Atlassian
added 2023/09/20 3:53 p.m.46 views

XXE (XML External Entity Injection) in Jira Service Management Data Center and Server - CVE-2019-13990

h2. Summary of Vulnerability Certain versions of Jira Service Management Server & Data Center were affected by CVE-2019-13990. The affected versions contained vulnerable versions of Terracotta Quartz Scheduler which allowed authenticated attackers to initiate an XML External Entity injection atta...

9.8CVSS9.1AI score0.162EPSS
Exploits0
Atlassian
Atlassian
added 2021/12/22 3:16 a.m.46 views

Object import configuration details are leaked via the Create Object type mapping feature - CVE-2021-43951

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0...

4.3CVSS5AI score0.00809EPSS
Exploits0
Atlassian
Atlassian
added 2021/12/17 7:3 p.m.46 views

Upgrade Logback for CVE-2021-42550

h3. Issue Summary In the wake of Log4Shell, CVE-2021-42550 has been created for similar JNDI considerations in Logback. The Logback maintainers have removed some functionality from Logback in response and released Logback 1.2.9. Please note: There is no RCE in Logback, and there is no vulnerabili...

8.5CVSS1.8AI score0.04439EPSS
Exploits1
Atlassian
Atlassian
added 2021/07/09 5:44 a.m.46 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

9.8CVSS2.3AI score0.48883EPSS
Exploits1
Atlassian
Atlassian
added 2021/06/09 1:5 a.m.46 views

Username enumeration on Jira Software Server 8.15 - CVE-2021-26081

Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...

5.3CVSS5.4AI score0.01184EPSS
Exploits0
Atlassian
Atlassian
added 2020/09/23 9:5 p.m.46 views

JSW Server not vulnerable to an Insecure Deserialization issue in Jackson Databind - CVE-2018-14720

Scanners may falsely flag some versions of Jira Software Server before 8.5.5 as vulnerable to an Insecure Deserialization issue in Jackson Databind CVE-2018-14720. This vulnerability in a transitive dependency was being flagged because Jira Software assumed the version of applinks provided by Jir...

9.8CVSS3.7AI score0.07524EPSS
Exploits0
Atlassian
Atlassian
added 2020/06/23 4:27 p.m.46 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource...

4.3CVSS4.6AI score0.00829EPSS
Exploits0
Atlassian
Atlassian
added 2019/12/17 2:10 a.m.46 views

Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery CSRF vulnerabilities. Once a Jira instance is setup i.e. database, admin account, licence, etc. form ar...

6.5CVSS6.3AI score0.00794EPSS
Exploits0
Atlassian
Atlassian
added 2019/08/09 3:53 a.m.46 views

Open redirect in startup.jsp - CVE-2019-11585

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect...

6.1CVSS5AI score0.01217EPSS
Exploits0
Atlassian
Atlassian
added 2019/08/09 3:20 a.m.46 views

CSRF in the ServiceExecutor resource - CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery CSRF vulnerability...

4.3CVSS7AI score0.00679EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/04/29 3:57 a.m.46 views

Information disclosure in the /rest/api/2/user/picker rest resource - CVE-2019-3403

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check...

5.3CVSS5.9AI score0.52637EPSS
Exploits1
Atlassian
Atlassian
added 2019/04/29 3:14 a.m.46 views

XSS in WallboardServlet through the cyclePeriod parameter - CVE-2018-20824

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the cyclePeriod parameter...

6.1CVSS4.2AI score0.37577EPSS
Exploits0
Atlassian
Atlassian
added 2016/07/31 11:34 p.m.46 views

Upgrade bundled Java to 8u101+

Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect Confluence...

8.1CVSS2.8AI score0.00509EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/07/15 1:43 a.m.46 views

Update Java version bundled found in the installer to a version >= 1.8u51

Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...

4.3CVSS5.8AI score0.9986EPSS
Exploits1
Atlassian
Atlassian
added 2013/05/21 4:29 a.m.46 views

Upgrade bundled Tomcat due to security vulnerabilities

There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: CVE-2013-2067|http://mail-archives.apache.org/modmbox/www-announce/201305.mbox/%[email protected]%3E...

6.8CVSS2.5AI score0.11001EPSS
Exploits5
Atlassian
Atlassian
added 2012/12/17 7:35 p.m.46 views

Encrypt Database Password in dbconfig.xml or use integrated authentication

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31004. panel panel:title=Atlassian Update – 5 January 2016|borderStyle=solid|borderColor=ebf2f9 | titleBGColor=ebf2f9 | bgColor=ffffff Hi...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/09/23 1:6 a.m.46 views

XSS vulnerability in space key, particularly with decorators off

As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable functionality relies on this content tag. Eg Doc Theme breaks without it. Themes choice breaks without it. To exploit it, create a user with html in the login name, then create a...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/05/16 5:11 a.m.45 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Confluence Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

8.2CVSS6.6AI score0.00948EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/22 6:45 a.m.45 views

Bundled JRE in Bitbucket 8.16+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919

h3. Issue Summary Bitbucket 8.16 and above bundles OpenJDK 17.0.9 which is vulnerable as per OpenJDK advisory|https://openjdk.org/groups/vulnerability/advisories/2024-01-16. .The recommendation is to update Java to a version greater than 17.0.9 such as 17.0.10. - A vulnerability that allows an...

7.4CVSS7.9AI score0.00911EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:49 p.m.45 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Jira Software Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. This software.amazon.ion:ion-java Dependenc...

7.5CVSS7.6AI score0.0082EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/09 1:53 a.m.45 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8CVSS7AI score0.05018EPSS
Exploits2
Atlassian
Atlassian
added 2024/03/14 5:46 a.m.45 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.0082EPSS
Exploits0
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.45 views

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...

7.5CVSS7.2AI score0.01287EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.45 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Confluence Data Center and Server

This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 1.0.1 of Confluence Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

7.5CVSS7.1AI score0.06286EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/08 8:45 p.m.45 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.9AI score0.01469EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/19 6:45 a.m.45 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Bamboo Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS6.7AI score0.01772EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/13 7:45 a.m.45 views

SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server

This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...

7.1CVSS6.9AI score0.00786EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/14 7:31 p.m.45 views

RCE (Remote Code Execution) in Crowd Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...

8.8CVSS8AI score0.01213EPSS
Exploits0
Atlassian
Atlassian
added 2023/11/10 1:44 a.m.45 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

5.9CVSS7.1AI score0.01854EPSS
Exploits0
Atlassian
Atlassian
added 2023/10/04 7:45 p.m.45 views

hutool-json Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.01181EPSS
Exploits5
Atlassian
Atlassian
added 2023/09/18 9:26 p.m.45 views

FALSE POSITIVE - OpenSearch Vulnerability in Bitbucket Data Center and Server

Notice of FALSE POSITIVE After review, it has been determined that CVE-2022-41906 DOES NOT affect ANY version of Bitbucket Data Center or Bitbucket Server. We have updated our bulletin and Jira tickets to reflect this update. We have taken action to prevent this false-positive from appearing in o...

8.7CVSS8.2AI score0.00655EPSS
Exploits0
Atlassian
Atlassian
added 2023/08/17 12:0 a.m.45 views

Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This vulnerability, with CVSS Scores of 7.5, and CVSS Vectors of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to expose...

7.7CVSS8.5AI score0.1158EPSS
Exploits0
Atlassian
Atlassian
added 2023/01/19 9:37 a.m.45 views

HSTS configuration not working in confluence 8.0.2

h3. Issue Summary This is reproducible on Data Center: Yes h3. Steps to Reproduce Configure confluence on SSL Follow KB -...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2022/07/05 10:9 p.m.45 views

Crowd: Multiple Servlet Filter Vulnerabilities

Multiple Servlet Filter vulnerabilities have been fixed in Crowd Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...

9.8CVSS2.2AI score0.04244EPSS
Exploits0
Atlassian
Atlassian
added 2022/07/04 12:8 a.m.45 views

Mobile web: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary The mobile web view in Confluence is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template functio...

7.2CVSS2AI score0.04087EPSS
Exploits2
Atlassian
Atlassian
added 2021/08/25 4:24 a.m.45 views

Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a ServerSide Template Injection vulnerability in the Email Template feature. The affected...

9CVSS7.2AI score0.04483EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/26 5:2 p.m.45 views

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...

10CVSS1.3AI score0.82715EPSS
Exploits14
Atlassian
Atlassian
added 2021/03/10 11:5 a.m.45 views

Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)

Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...

7.8CVSS5.1AI score0.00436EPSS
Exploits0
Atlassian
Atlassian
added 2020/11/16 12:12 a.m.45 views

CSRF token theft through referrer headers - CVE-2021-39126

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery CSRF vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...

6.5CVSS5.2AI score0.00703EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/08/18 4:44 p.m.45 views

Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260

There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...

9.3CVSS3.6AI score0.10047EPSS
Exploits2Affected Software1
Total number of security vulnerabilities4295