Filtered by vendor Atlassian
Subscribe
Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20418 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0. | |||||
| CVE-2020-14169 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability | |||||
| CVE-2019-20408 | 1 Atlassian | 1 Jira | 2020-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | |||||
| CVE-2020-4028 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | |||||
| CVE-2019-20416 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-07 | 3.5 LOW | 4.8 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | |||||
| CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | |||||
| CVE-2020-4026 | 1 Atlassian | 1 Navigator Links | 2020-06-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | |||||
| CVE-2020-4019 | 1 Atlassian | 1 Companion | 2020-06-05 | 4.4 MEDIUM | 7.8 HIGH |
| The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | |||||
| CVE-2020-4023 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | |||||
| CVE-2020-4020 | 1 Atlassian | 1 Companion | 2020-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. | |||||
| CVE-2020-4018 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 6.8 MEDIUM | 8.8 HIGH |
| The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2020-4013 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 3.5 LOW | 5.4 MEDIUM |
| The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | |||||
| CVE-2017-14592 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | |||||
| CVE-2018-20234 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | |||||
| CVE-2018-13396 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | |||||
| CVE-2018-13385 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability. | |||||
| CVE-2020-9344 | 1 Atlassian | 1 Subversion Application Lifecycle Management | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | |||||
| CVE-2012-1500 | 1 Atlassian | 2 Greenhopper, Jira | 2020-02-24 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | |||||
| CVE-2019-15011 | 1 Atlassian | 1 Application Links | 2019-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check. | |||||
| CVE-2017-18107 | 1 Atlassian | 1 Crowd | 2019-12-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default. | |||||