Vulnerabilities (CVE)

Filtered by vendor Atlassian Subscribe
Total 398 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6832 1 Atlassian 1 Jira 2017-08-17 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6531 1 Atlassian 1 Jira 2017-08-17 6.8 MEDIUM N/A
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
CVE-2006-3338 1 Atlassian 1 Jira 2017-07-20 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
CVE-2006-3339 1 Atlassian 1 Jira 2017-07-20 5.0 MEDIUM N/A
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.
CVE-2017-8768 1 Atlassian 1 Sourcetree 2017-05-17 10.0 HIGH 9.8 CRITICAL
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.
CVE-2017-8058 1 Atlassian 1 Hipchat 2017-05-16 4.3 MEDIUM 5.9 MEDIUM
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2017-5983 1 Atlassian 1 Jira 2017-04-15 7.5 HIGH 9.8 CRITICAL
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
CVE-2016-6285 1 Atlassian 1 Jira 2017-02-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2016-6283 1 Atlassian 1 Confluence 2017-01-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVE-2014-2314 2 Atlassian, Microsoft 2 Jira, Windows 2015-07-29 4.3 MEDIUM N/A
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2014-2313 2 Atlassian, Microsoft 2 Jira, Windows 2014-03-10 4.3 MEDIUM N/A
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2013-3926 1 Atlassian 1 Crowd 2013-10-04 7.5 HIGH N/A
** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued."
CVE-2013-5319 1 Atlassian 1 Jira 2013-08-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
CVE-2013-3925 1 Atlassian 1 Crowd 2013-07-02 5.8 MEDIUM N/A
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.
CVE-2005-3967 1 Atlassian 1 Confluence 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
CVE-2007-6619 1 Atlassian 1 Jira 2008-11-15 7.5 HIGH N/A
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVE-2007-6618 1 Atlassian 1 Jira 2008-11-15 5.0 MEDIUM N/A
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
CVE-2007-6617 1 Atlassian 1 Jira 2008-11-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.