4295 matches found
Directory Traversal vulnerability at plexus-utils dependency in Bamboo Data Center
This High severity File Inclusion vulnerability was introduced in versions 10.0.1, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H allows an...
DoS (Denial of Service) at org.apache.activemq dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
Security Misconfiguration vulnerability at Tomcat dependency in Bamboo Data Center
This High severity Security Misconfiguration vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0 and 12.1.0 of Bamboo Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Covert timing channel at org.bouncycastle:bcprov-jdk18on dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code...
Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server
This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...
SSRF (Server-Side Request Forgery) axios Dependency in Jira Software Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS...
DoS (Denial of Service) at postgresql dependency in Crucible Server
This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...
File Inclusion in Jira Service Management Data Center
This High severity File Inclusion vulnerability was introduced in versions 5.15.2, 5.16.1, 5.17.0, 10.0.0, 10.1.2, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 7.1...
DOM-based XSS in Jira Software Data Center
This High severity DOM-based XSS vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of...
DOM-based XSS in Jira Service Management Data Center
This High severity DOM-based XSS vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of...
DoS (Denial of Service) in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 11.2.0 and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an...
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 11.2.0 and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allow...
File Inclusion in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.1, 9.17.1, 10.0.1, 10.1.1, 10.2.1, 10.3.0, 10.4.1, 10.5.1, 10.6.0, 10.7.1, 11.0.1, 11.1.1, 11.2.0, and 11.3.0 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...
File Inclusion in Jira Service Management Data Center
This High severity File Inclusion vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.4, 11.0.0, 11.1.0, 11.2.1, and 11.3.0 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2...
Security Headers Omission in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Security Headers Omission vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 10.3.0, 11.3.0 of Jira Software Data Center and Jira...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS...
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVS...
DoS (Denial of Service) in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of...
File Inclusion in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in version 11.3.3 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N allows an unauthenticated attacker to get...
File Inclusion in Jira Service Management Data Center
This High severity File Inclusion vulnerability was introduced in version 11.3.3 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N allows an unauthenticated...
Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.1, 10.6.0, 10.7.2, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 a...
DoS (Denial of Service) in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.1, 10.5.0, 10.6.0, 10.7.2, 11.0.1, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS...
DoS (Denial of Service) in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.1.1 and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an...
Injection in Confluence Data Center
This High severity Injection vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
DoS (Denial of Service) in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
BASM (Broken Authentication & Session Management) in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0,...
Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center
This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
HTTP Request/Response Smuggling Apache Tomcat Dependency in Confluence Data Center
This High severity HTTP Request/Response Smuggling vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request/Response Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1 and 10.0.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
Information Disclosure in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...
Information Disclosure in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) brace-expansion Dependency in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticate...
RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE Remote Code Execution vulnerability was introduced in versions 11.3.3 of Jira Software Data Center. This RCE Remote Code...
DoS (Denial of Service) com.squareup.okio:okio Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 10.3.0 not all patched versions - see the fix and affects versions field and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 10.3.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Confluence Data Center
This Confluence release includes updates to our org.yaml:snakeyaml dependency in response to CVE-2022-1471. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...
DoS (Denial of Service) brace-expansion Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center. This DoS Denial of...
mXSS (mutation Cross-Site Scripting) dompurify Dependency in Jira Service Management Data Center and Server
This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS mutation Cross-Site Scripting vulnerability was introduced in version 10.3.0 of Jira...
MITM (Man-in-the-Middle) com.squareup.okhttp3:okhttp Dependency in Jira Service Management Data Center and Server
This High severity MITM Man-in-the-Middle vulnerability was introduced in version 10.3.0 of Jira Service Management Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:Ncode allows an unauthenticated attack...
Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center
This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0-rc3, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
XSS (Cross Site Scripting) dompurify Dependency in Bamboo Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.0.1, 10.2.15, 12.0.0 and 12.1.2 of Bamboo Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...
MITM (Man-in-the-Middle) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center
This High severity MITM Man-in-the-Middle vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This MITM Man-in-the-Middle vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Bamboo Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows ...
HTTP Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
Injection org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity Injection vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated...