4295 matches found
It is possible to see components without logging in
It is possible to see a project's components without logging in by just guessing URLs, e.g. jira-installation/browse/KEY/component/10881. This will show all the information written on the component; issues are not shown. This should be restricted so that it is impossible to see any project information...
Injection axios Dependency in Bitbucket Data Center
This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...
BASM (Broken Authentication & Session Management) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1,...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This Critical severity Improper Authorization vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Improper Authorization vulnerability, with a CVSS...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Improper Authorization vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0,...
DoS (Denial of Service) minimatch Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.15.2, 9.16.1, 9.17.0, 10.0.1, 10.1.2, 10.2.1, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.1, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of...
Cryptographic Failure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Cryptographic Failure vulnerability was introduced in version 11.3.4 of Jira Software Data Center. This Cryptographic Failure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to get...
Injection org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1,...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center. This HT...
Cryptographic Failure org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center
This High severity Cryptographic Failure vulnerability was introduced in versions 5.12.32, 10.3.17, and 11.3.3 of Jira Service Management Data Center. This Cryptographic Failure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...
Injection axios Dependency in Bitbucket Data Center
This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...
Injection org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0,...
SSRF (Server-Side Request Forgery) axios Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0,...
Injection axios Dependency in Jira Software Data Center
This High severity Injection vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of...
Injection io.netty:netty-codec-dns Dependency in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0,...
Business Logic Vulnerability Apache Tomcat Dependency in Confluence Data Center
This High severity Business Logic vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0 and 10.2.0 of Confluence Data Center. This Business Logic vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) io.netty:netty-codec Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS...
DoS (Denial of Service) minimatch Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...
Improper Authorization org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Improper Authorization vulnerability was introduced in versions 9.12.1, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0,...
Prototype Pollution axios Dependency in Jira Service Management Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center and Server...
Information Disclosure org.apache.tomcat:tomcat-websocket Dependency in Jira Service Management Data Center and Server
This High severity Information Disclosure vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center and Server. This Information Disclosure vulnerability, with ...
DoS (Denial of Service) org.postgresql:postgresql Dependency in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 6.0.0, 6.1.0, 6.2.0, 6.3.6, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
RCE (Remote Code Execution) axios Dependency in Jira Service Management Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score ...
RCE (Remote Code Execution) axios Dependency in Jira Software Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7 and a...
Information Disclosure axios Dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.9, 11.0.7, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticate...
MITM (Man-in-the-Middle) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center
This High severity MITM Man-in-the-Middle vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This MITM Man-in-the-Middle vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) @isaacs/brace-expansion Dependency in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) react-router Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows ...
RCE (Remote Code Execution) react-router Dependency in Jira Service Management Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H...
RCE (Remote Code Execution) react-router Dependency in Jira Software Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an...
Business Logic Vulnerability Apache Tomcat Dependency in Jira Software Data Center
This High severity Business Logic vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Business Logic vulnerability, with a CVSS Score of 7.5 and a CVS...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score ...
DoS (Denial of Service) io.netty:netty-codec Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 9.12.1, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0,...
Prototype Pollution axios Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center and Server. This...
BASM (Broken Authentication & Session Management) org.springframework.security:spring-security-core Dependency in Crucible Data Center and Server
This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 4.9.0 of Crucible Server. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allow...
Information Disclosure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Information Disclosure vulnerability, with a CVS...
DoS (Denial of Service) io.netty:netty-codec Dependency in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, and 7.2.0 of Crowd Data Center. This HTTP...
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...
Information Disclosure axios Dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows...
DoS (Denial of Service) react-router Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
XSS (Cross Site Scripting) turbo-stream Dependency in Jira Software Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) io.netty:netty-codec Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score ...