Lucene search
K
AtlassianRecent

4295 matches found

Atlassian
Atlassian
added 2021/03/17 9:41 p.m.48 views

CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...

3.5CVSS6.4AI score0.0049EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/15 12:53 a.m.31 views

The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Export HTML Report feature. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before...

5.4CVSS5AI score0.00599EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/15 12:53 a.m.49 views

The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Export HTML Report feature. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before...

5.4CVSS3.1AI score0.00599EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/11 7:39 p.m.65 views

Tomcat PersistenceManager vulnerabilities - CVE-2021-25329 and CVE-2021-25122

Affected versions of Atlassian Jira Server and Data Center are susceptible to Tomcat PersistenceManager vulnerabilities. Affected versions: ≤ 8.16.0 Fixed versions: pending...

7.5CVSS7.1AI score0.18114EPSS
Exploits15
Atlassian
Atlassian
added 2021/03/11 7:39 p.m.127 views

Tomcat PersistenceManager vulnerabilities - CVE-2021-25329 and CVE-2021-25122

Affected versions of Atlassian Jira Server and Data Center are susceptible to Tomcat PersistenceManager vulnerabilities. Affected versions: ≤ 8.16.0 Fixed versions: pending...

7.5CVSS5.1AI score0.18114EPSS
Exploits15Affected Software1
Atlassian
Atlassian
added 2021/03/10 11:5 a.m.72 views

Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)

Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...

10CVSS5.1AI score0.82715EPSS
Exploits14Affected Software1
Atlassian
Atlassian
added 2021/03/10 11:5 a.m.45 views

Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)

Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...

7.8CVSS5.1AI score0.00436EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/03 10:39 p.m.56 views

Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445

Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...

4.3CVSS4.3AI score0.01201EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/03 10:39 p.m.28 views

Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445

Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...

4.3CVSS5AI score0.01201EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/01 8:35 p.m.34 views

Blind SSRF in widgetConnector - CVE-2021-26072

Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...

4.3CVSS2.8AI score0.38845EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/03/01 8:35 p.m.28 views

Blind SSRF in widgetConnector - CVE-2021-26072

Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...

4.3CVSS4.5AI score0.38845EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/26 5:0 p.m.60 views

RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...

7.8CVSS4.6AI score0.00436EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/26 5:0 p.m.41 views

RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...

10CVSS4.6AI score0.82715EPSS
Exploits14Affected Software1
Atlassian
Atlassian
added 2021/02/22 11:35 a.m.100 views

Update Apache Struts 2 to avoid CVE-2020-17530

Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...

9.8CVSS2.1AI score0.95922EPSS
Exploits11Affected Software1
Atlassian
Atlassian
added 2021/02/22 11:35 a.m.68 views

Update Apache Struts 2 to avoid CVE-2020-17530

Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...

9.8CVSS2.1AI score0.95922EPSS
Exploits11
Atlassian
Atlassian
added 2021/02/22 4:54 a.m.28 views

Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. h3. Affected versions: 7.11.0 h3. Fixed version: 7.11.0 This vulnerability is attributed to Stefano...

5.4CVSS5.3AI score0.00928EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/22 4:54 a.m.49 views

Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. h3. Affected versions: 7.11.0 h3. Fixed version: 7.11.0 This vulnerability is attributed to Stefano...

5.4CVSS3AI score0.00928EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/16 11:35 p.m.28 views

DOM XSS in the issue navigation & search view via parameter pollution - CVE-2020-36288

The issue navigation & search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting XSS vulnerability caused b...

6.1CVSS5.6AI score0.01519EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/16 11:35 p.m.54 views

DOM XSS in the issue navigation & search view via parameter pollution - CVE-2020-36288

The issue navigation & search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting XSS vulnerability caused b...

6.1CVSS3.2AI score0.01519EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/16 6:29 p.m.80 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...

5.3CVSS6.4AI score0.0233EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/16 6:29 p.m.47 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...

5.3CVSS5.8AI score0.0233EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/16 6:28 p.m.487 views

Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251

Crowd was using jQuery version 1.8.3, which is affected by CVE-2020-11023, CVE-2020-11022, and CVE-2015-9251. Affected Version/s: 4.0.3, 4.1.1 Fixed Version/s: 4.1.2, 4.0.4, 4.2.0...

6.9CVSS6.8AI score0.99019EPSS
Exploits12
Atlassian
Atlassian
added 2021/02/16 6:28 p.m.189 views

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

Crowd was using jQuery version 1.8.3, which is affected by CVE-2020-11023 & CVE-2020-11022. Affected Version/s: 4.0.3, 4.1.1 Fixed Version/s: 4.1.2, 4.0.4, 4.2.0...

6.9CVSS4.7AI score0.99019EPSS
Exploits11Affected Software1
Atlassian
Atlassian
added 2021/02/16 12:44 a.m.82 views

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233

h3. Issue Summary Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities. h3. Affected Versions The following versions are only affected...

7.8CVSS5.8AI score0.00265EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/16 12:44 a.m.37 views

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233

h3. Issue Summary Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities. h3. Affected Versions The following versions are only affected...

7.8CVSS5.8AI score0.00265EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/04 1:15 a.m.33 views

Custom field options are exposed via an unauthenticated REST API endpoint - CVE-2020-36237

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Affected versions: version...

5.3CVSS5.4AI score0.01244EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/04 1:15 a.m.123 views

Custom field options are exposed via an unauthenticated REST API endpoint - CVE-2020-36237

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Affected versions: version...

5.3CVSS5.8AI score0.01244EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:53 p.m.35 views

Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...

4.8CVSS5.1AI score0.01015EPSS
Exploits0
Atlassian
Atlassian
added 2021/02/03 10:53 p.m.105 views

Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...

4.8CVSS4.4AI score0.01015EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:45 p.m.107 views

Update application links to 5.4.23 to fix CVE-2020-5398

Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component. The affected versions are before version 4.8.6. Affected versions: version 4.8.6 Fixed...

8CVSS5AI score0.88077EPSS
Exploits2Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:45 p.m.60 views

Update application links to 5.4.23 to fix CVE-2020-5398

Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component. The affected versions are before version 4.8.6. Affected versions: version 4.8.6 Fixed...

8CVSS7.4AI score0.88077EPSS
Exploits2
Atlassian
Atlassian
added 2021/02/03 10:43 p.m.79 views

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were: CVE-2012-0881 CVE-2019-10172 CVE-2018-1000632 CVE-2016-1000031 CVE-2014-0114...

9.8CVSS7.4AI score0.96121EPSS
Exploits12Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:43 p.m.71 views

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were: CVE-2012-0881 CVE-2019-10172 CVE-2018-1000632 CVE-2016-1000031 CVE-2014-0114...

9.8CVSS9AI score0.96121EPSS
Exploits12
Atlassian
Atlassian
added 2021/02/03 10:39 p.m.143 views

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries: update com.atlassian.applinks: from 5.4.21 to 5.4.23 update com.atlassian.plugins: from 4.4.10 to 4.4.14 update com.atlassian.sal: from 3.1.2 to 3.1.3 update com.atlassian.streams:...

9.8CVSS7.7AI score0.88077EPSS
Exploits7Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:39 p.m.78 views

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries: update com.atlassian.applinks: from 5.4.21 to 5.4.23 update com.atlassian.plugins: from 4.4.10 to 4.4.14 update com.atlassian.sal: from 3.1.2 to 3.1.3 update com.atlassian.streams:...

9.8CVSS7.8AI score0.88077EPSS
Exploits6
Atlassian
Atlassian
added 2021/02/02 9:59 a.m.133 views

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. The affected versions are...

6.9CVSS6.2AI score0.99019EPSS
Exploits11
Atlassian
Atlassian
added 2021/02/02 9:59 a.m.361 views

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. The affected versions are...

6.9CVSS5.3AI score0.99019EPSS
Exploits11Affected Software1
Atlassian
Atlassian
added 2021/01/27 4:1 a.m.84 views

Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...

7.2CVSS6.3AI score0.01955EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/27 4:1 a.m.30 views

Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...

7.2CVSS6.6AI score0.01955EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/25 7:2 a.m.30 views

Jira bundles a vulnerable version of atlassian-gadgets - CVE-2020-36232

The atlassian-gadgets plugin used in affected versions of Atlassian Jira Server and Data Center allows unexpected DNS lookups and requests to malicious servers via server side request forgery vulnerability. The affected versions are before version 8.5.10, from version 8.6.0 before version 8.13.2,...

5CVSS5.4AI score0.00975EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/25 7:2 a.m.61 views

Jira bundles a vulnerable version of atlassian-gadgets - CVE-2020-36232

The atlassian-gadgets plugin used in affected versions of Atlassian Jira Server and Data Center allows unexpected DNS lookups and requests to malicious servers via server side request forgery vulnerability. The affected versions are before version 8.5.10, from version 8.6.0 before version 8.13.2,...

5CVSS3.6AI score0.00975EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/25 4:6 a.m.352 views

Code Injection and Directory Traversal in plexus-utils

This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via CVE-2017-1000487 - command injection sonatype-2016-0398 - directory traversal sonatype-2015-0173 - XML Injection The affected versions are before version 7.2.2, and before...

9.8CVSS3.7AI score0.06543EPSS
Exploits8Affected Software1
Atlassian
Atlassian
added 2021/01/25 4:6 a.m.55 views

Code Injection and Directory Traversal in plexus-utils

This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via CVE-2017-1000487 - command injection sonatype-2016-0398 - directory traversal sonatype-2015-0173 - XML Injection The affected versions are before version 7.2.2, and before...

9.8CVSS3.7AI score0.06543EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/22 5:27 p.m.66 views

Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...

5.3CVSS4.6AI score0.0111EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/22 5:27 p.m.35 views

Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...

5.3CVSS4.6AI score0.0111EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/21 6:34 p.m.85 views

XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version...

6.1CVSS4.8AI score0.01274EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/21 6:34 p.m.40 views

XSS via ViewWorkflowSchemes.jspa, ListWorkflows.jspa - CVE-2020-36236

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version...

6.1CVSS5.6AI score0.01274EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/21 5:58 p.m.157 views

Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...

5.3CVSS5.7AI score0.23086EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/01/21 5:58 p.m.40 views

Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...

5.3CVSS5.6AI score0.23086EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/21 9:12 a.m.34 views

Unauthenticated information leakage of temporary files and project keys - CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/\id/ActionsAndOperations API endpoint. The affected versions are before...

5.3CVSS5.4AI score0.02508EPSS
Exploits0
Total number of security vulnerabilities4295