Vulnerabilities in Atlassian

399 results

CVE-2019-20100—The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versionsEPSS 1.0%CVE-2017-18112—Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerEPSS 1.0%CVE-2020-36234—Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site ScEPSS 1.0%CVE-2018-13395—Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, EPSS 1.0%CVE-2018-5232—The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to iEPSS 1.0%CVE-2020-14165—The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain informEPSS 1.0%CVE-2020-4021—Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject aEPSS 1.0%CVE-2019-20408—The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal netEPSS 1.0%CVE-2018-13389—The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox BroEPSS 1.0%CVE-2020-29447—Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerEPSS 1.0%CVE-2021-41308—Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File RepliEPSS 1.0%CVE-2021-39111—The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before EPSS 1.0%CVE-2020-36232—The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4EPSS 1.0%CVE-2019-11584—The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross sEPSS 1.0%CVE-2020-4015—The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user eEPSS 1.0%CVE-2021-26077CRITICALBroken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian CEPSS 1.0%CVE-2021-26080—EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.EPSS 0.9%CVE-2018-13403—The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from verEPSS 0.9%CVE-2020-14184—Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vuEPSS 0.9%CVE-2020-29444MEDIUMAffected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross SitEPSS 0.9%

← previouspage 12 / 20next →