Filtered by vendor Atlassian
Subscribe
Total
432 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9512 | 1 Atlassian | 2 Crucible, Fisheye | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | |||||
CVE-2017-14588 | 1 Atlassian | 2 Crucible, Fisheye | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | |||||
CVE-2017-14591 | 1 Atlassian | 2 Crucible, Fisheye | 2023-12-10 | 9.3 HIGH | 9.0 CRITICAL |
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. | |||||
CVE-2017-14594 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | |||||
CVE-2017-16862 | 1 Atlassian | 1 Jira | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | |||||
CVE-2017-14586 | 1 Atlassian | 1 Hipchat | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. | |||||
CVE-2017-16857 | 1 Atlassian | 1 Bitbucket Auto Unapprove Plugin | 2023-12-10 | 6.0 MEDIUM | 8.5 HIGH |
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. | |||||
CVE-2017-16856 | 1 Atlassian | 1 Confluence | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. | |||||
CVE-2017-14590 | 1 Atlassian | 1 Bamboo | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | |||||
CVE-2017-9514 | 1 Atlassian | 1 Bamboo | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | |||||
CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||
CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | |||||
CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | |||||
CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | |||||
CVE-2016-4319 | 1 Atlassian | 1 Jira | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | |||||
CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
CVE-2016-4318 | 1 Atlassian | 1 Jira | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||||
CVE-2016-6285 | 1 Atlassian | 1 Jira | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||||
CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. |