
4195 matches found

Atlassian | added 2023/11/12 1:45 p.m. | 47 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00317 | Exploits 2

Atlassian | added 2023/11/12 1:45 p.m. | 35 views

DoS (Denial of Service) jackson-databind in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.7 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/11/12 1:45 p.m. | 37 views

DoS (Denial of Service) com.fasterxml.jackson.core in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 9.1 | EPSS 0.00487 | Exploits 1

Atlassian | added 2023/11/12 1:45 p.m. | 37 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 5.9 | AI score 6.7 | EPSS 0.00325 | Exploits 0

Atlassian | added 2023/11/12 1:44 p.m. | 81 views

DoS (Denial of Service) io.netty:netty-codec-http2 in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows...

CVSS 7.5 | AI score 7.3 | EPSS 0.944 | Exploits 19

Atlassian | added 2023/11/10 1:44 a.m. | 38 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 5.9 | AI score 7.1 | EPSS 0.00325 | Exploits 0

Atlassian | added 2023/11/10 1:44 a.m. | 53 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5 | AI score 7.2 | EPSS 0.944 | Exploits 19

Atlassian | added 2023/11/03 12:46 a.m. | 35 views

SSRF org.apache.xmlgraphics in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00526 | Exploits 0

Atlassian | added 2023/11/03 12:46 a.m. | 37 views

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.2 | EPSS 0.47784 | Exploits 1

Atlassian | added 2023/11/03 12:46 a.m. | 35 views

XSS org.apache.xmlgraphics:batik-script in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0 and 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00541 | Exploits 0

Atlassian | added 2023/11/03 12:45 a.m. | 42 views

org.apache.tomcat:tomcat-catalina Vulnerability in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.10.0, 7.14.0, and 7.20.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an...

CVSS 7.5 | AI score 7.5 | EPSS 0.00889 | Exploits 0

Atlassian | added 2023/11/03 12:45 a.m. | 52 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0, 7.19, 8.1.0, 8.2.0, 8.3.0 and 8.5 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5 | AI score 7.3 | EPSS 0.00454 | Exploits 0

Atlassian | added 2023/11/03 12:45 a.m. | 54 views

Request Smuggling org.apache.tomcat:tomcat-coyote in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 7.19.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker t...

CVSS 7.5 | AI score 7.1 | EPSS 0.0029 | Exploits 0

Atlassian | added 2023/11/03 12:45 a.m. | 31 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.19.1, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This DoS Dependency vulnerability only impacts Windows instances, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 5.9 | AI score 7.1 | EPSS 0.00325 | Exploits 0

Atlassian | added 2023/11/03 12:45 a.m. | 68 views

DoS (Denial of Service) io.netty:netty-codec-http2 in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.19.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5 | AI score 7.2 | EPSS 0.944 | Exploits 19

Atlassian | added 2023/11/02 3:5 p.m. | 202 views

Update ActiveMQ to fix CVE-2023-46604

h3. Issue Summary Bamboo relies on ActiveMQ libraries version /atlassian-bamboo/WEB-INF/lib: noformat $ ls -al /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib ls | grep activemq- activemq-broker-5.18.2.jar activemq-client-5.18.2.jar activemq-http-5.18.2.jar activemq-jms-pool-5.18.2.jar...

CVSS 10 | AI score 9.4 | EPSS 0.94436 | Exploits 31

Atlassian | added 2023/10/31 4:19 p.m. | 15 views

Redirect from searchrequest.html page to login screen

h3. Issue Summary Hello team, We would like to open an improvement request to allow the searchrequest.html page to be redirected to the login page if the user is not logged on. This desired behavior is similar to the issue view page, since it automatically redirects you to the login screen if...

AI score 7 | Exploits 0 | Affected Software 1

Atlassian | added 2023/10/30 2:10 p.m. | 33 views

Help links not using security attributes

h3. Issue Summary Links to documentation use the anchor tag attribute target="blank" without using rel="noopener noreferrer". Best practice is to include rel="noopener noreferrer" on any link opened with target="blank" We've had some customers report that this is triggering automated security...

AI score 7.3 | Exploits 0 | Affected Software 1

Atlassian | added 2023/10/30 1:26 p.m. | 24 views

Feedback button iframe should be sandboxed

h3. Issue Summary When feedback button is clicked in Jira top navigation bar, it loads an iframe with content from jira.atlassian.com. Iframe doesn't have sandbox attribute which may be seen as a potential vulnerability. IFrame sandboxing enables a set of additional restrictions for the content...

AI score 7.4 | Exploits 0 | Affected Software 1

Atlassian | added 2023/10/25 4:0 p.m. | 16 views

JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels

h3. Issue Summary REST API - rest/api/2/user/viewissue/search Does not respect permissions, doing this REST API both on users who have browse permission and no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...

AI score 7.2 | Exploits 0

Atlassian | added 2023/10/17 12:2 p.m. | 34 views

RCE (Remote Code Execution) in Bamboo Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.01725 | Exploits 0

Atlassian | added 2023/10/11 3:26 p.m. | 129 views

Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...

CVSS 7.5 | AI score 7.3 | EPSS 0.03173 | Exploits 1 | Affected Software 1

Atlassian | added 2023/10/11 3:26 p.m. | 95 views

Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...

CVSS 7.5 | AI score 6.8 | EPSS 0.03173 | Exploits 1

Atlassian | added 2023/10/09 1:44 a.m. | 48 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.0011 | Exploits 0

Atlassian | added 2023/10/09 1:44 a.m. | 47 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.0011 | Exploits 0

Atlassian | added 2023/10/09 1:44 a.m. | 44 views

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 5.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00471 | Exploits 1

Atlassian | added 2023/10/09 1:44 a.m. | 52 views

FasterXML Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/09 1:44 a.m. | 48 views

FasterXML Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.00317 | Exploits 2

Atlassian | added 2023/10/09 1:44 a.m. | 30 views

jackson-databind Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/09 1:44 a.m. | 39 views

jackson-databind Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00487 | Exploits 1

Atlassian | added 2023/10/08 8:44 a.m. | 60 views

RCE (Remote Code Execution) in - CVE-2022-1471

h2. Summary of Vulnerability Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE Remote Code Execution. i Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed...

CVSS 9.8 | AI score 9.8 | EPSS 0.93849 | Exploits 7

Atlassian | added 2023/10/08 3:44 a.m. | 42 views

Json-smart Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00108 | Exploits 1

Atlassian | added 2023/10/08 3:44 a.m. | 70 views

Json-smart Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7 | EPSS 0.00015 | Exploits 1

Atlassian | added 2023/10/06 5:45 p.m. | 46 views

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

CVSS 8.8 | AI score 7 | EPSS 0.94055 | Exploits 7

Atlassian | added 2023/10/06 5:45 p.m. | 36 views

Woodstox Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.7 | EPSS 0.00803 | Exploits 1

Atlassian | added 2023/10/06 5:45 p.m. | 42 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 8.1 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/06 5:45 p.m. | 36 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/06 5:45 p.m. | 46 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00317 | Exploits 2

Atlassian | added 2023/10/06 5:45 p.m. | 56 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.9 | EPSS 0.00317 | Exploits 2

Atlassian | added 2023/10/06 5:45 p.m. | 37 views

jackson-databind Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/06 5:44 p.m. | 29 views

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.5 | EPSS 0.0025 | Exploits 1

Atlassian | added 2023/10/06 5:44 p.m. | 43 views

jackson-databind Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.7 | EPSS 0.00487 | Exploits 1

Atlassian | added 2023/10/06 5:44 p.m. | 56 views

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 8.5 | EPSS 0.00487 | Exploits 1

Atlassian | added 2023/10/06 9:45 a.m. | 16 views

Scripts failing intermittently due to permissions denied (401) exception while using PAT

h3. Issue Summary This is reproducible on the Data Center: Yes h3. Steps to Reproduce Create two Jira users: UserA and UserB and two Projects: ProjectA and ProjectB. Restrict access to ProjectA for UserA, and ProjectB for UserB. Create one issue each on ProjectA and ProjectB. Use the below python...

AI score 7.4 | Exploits 0

Atlassian | added 2023/10/04 7:45 p.m. | 45 views

com.google.code.gson Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.7 | AI score 6.8 | EPSS 0.0226 | Exploits 0

Atlassian | added 2023/10/04 7:45 p.m. | 45 views

Jettison Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00263 | Exploits 1

Atlassian | added 2023/10/04 7:45 p.m. | 40 views

hutool-json Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.1 | EPSS 0.01281 | Exploits 5

Atlassian | added 2023/10/02 3:11 p.m. | 18 views

UI Redressing (Clickjacking) with SSO Plugin for Data Center

h3. Problem Related to CONFSERVER-29230 When we enable the SAML login on General Configuration - Authentication, the Confluence login page shows inside an iframe. When disabled it doesn't show as expected with the Clickjacking disabled by default. In the gif attached, replicated the error on our...

AI score 7.2 | Exploits 0 | Affected Software 1

Atlassian | added 2023/09/28 7:24 p.m. | 28 views

RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows

This High severity RCE Remote Code Execution vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an...

AI score 8 | Exploits 0

Atlassian | added 2023/09/26 4:17 p.m. | 65 views

Cache Poisoning org.eclipse.jetty:jetty-server in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 9.3 | EPSS 0.08531 | Exploits 0

Total number of security vulnerabilities: 4195