Vulnerabilities (CVE)

Filtered by vendor Atlassian Subscribe
Total 397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2928 2 Atlassian, Gliffy 3 Confluence Server, Jira, Gliffy 2022-05-14 6.4 MEDIUM N/A
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
CVE-2020-29445 1 Atlassian 1 Confluence Server 2022-05-13 4.0 MEDIUM 4.3 MEDIUM
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
CVE-2021-39128 1 Atlassian 3 Data Center, Jira, Jira Server 2022-05-12 6.5 MEDIUM 7.2 HIGH
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
CVE-2021-26080 1 Atlassian 2 Jira Data Center, Jira Server 2022-05-05 4.3 MEDIUM 6.1 MEDIUM
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
CVE-2021-41305 1 Atlassian 2 Jira, Jira Software Data Center 2022-05-03 5.0 MEDIUM 7.5 HIGH
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12..
CVE-2021-41306 1 Atlassian 3 Jira, Jira Server, Jira Software Data Center 2022-05-03 5.0 MEDIUM 7.5 HIGH
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
CVE-2020-14172 1 Atlassian 2 Jira, Jira Software Data Center 2022-05-03 7.5 HIGH 9.8 CRITICAL
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1.
CVE-2016-6668 1 Atlassian 2 Confluence Server, Jira Integration For Hipchat 2022-05-01 5.0 MEDIUM 7.5 HIGH
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
CVE-2012-6342 1 Atlassian 1 Confluence Server 2022-05-01 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.
CVE-2021-43940 2 Atlassian, Microsoft 3 Confluence Server, Data Center, Windows 2022-04-30 6.9 MEDIUM 7.8 HIGH
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVE-2022-26133 1 Atlassian 1 Bitbucket Data Center 2022-04-28 7.5 HIGH 9.8 CRITICAL
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
CVE-2022-0540 1 Atlassian 4 Jira Core, Jira Data Center, Jira Server and 1 more 2022-04-28 6.8 MEDIUM 9.8 CRITICAL
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVE-2021-43953 1 Atlassian 2 Data Center, Jira 2022-04-25 4.3 MEDIUM 4.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.
CVE-2021-39115 1 Atlassian 2 Jira Service Desk, Jira Service Management 2022-04-25 9.0 HIGH 7.2 HIGH
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
CVE-2021-41313 1 Atlassian 2 Jira Data Center, Jira Server 2022-04-25 4.0 MEDIUM 4.3 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1.
CVE-2017-18101 1 Atlassian 2 Jira, Jira Server 2022-04-22 6.4 MEDIUM 6.5 MEDIUM
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
CVE-2019-8444 1 Atlassian 1 Jira Server 2022-04-22 3.5 LOW 5.4 MEDIUM
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
CVE-2019-3400 1 Atlassian 1 Jira Server 2022-04-22 4.3 MEDIUM 6.1 MEDIUM
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
CVE-2019-8443 1 Atlassian 2 Jira, Jira Server 2022-04-22 6.8 MEDIUM 8.1 HIGH
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
CVE-2019-8442 1 Atlassian 2 Jira, Jira Server 2022-04-22 5.0 MEDIUM 7.5 HIGH
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.