Vulnerabilities in Atlassian

399 results
CVE-2019-20097: Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0… (EPSS 2.5%)

CVE-2019-20104: The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perfor… (EPSS 2.4%)

CVE-2017-14590: Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to cr… (EPSS 2.4%)

CVE-2017-18108: The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights t… (EPSS 2.3%)

CVE-2020-29448: The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7… (EPSS 2.3%)

CVE-2017-14591: Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercuria… (EPSS 2.3%)

CVE-2020-14189: The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code… (EPSS 2.3%)

CVE-2020-14177: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based… (EPSS 2.2%)

CVE-2021-43944 [HIGH]: This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Af… (EPSS 2.2%)

CVE-2018-13385: There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission t… (EPSS 2.2%)

CVE-2020-29450: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denia… (EPSS 2.2%)

CVE-2018-5223: Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may… (EPSS 2.2%)

CVE-2023-22508 [HIGH]: This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Cent… (EPSS 2.2%)

CVE-2019-20899: The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated… (EPSS 2.1%)

CVE-2020-14167: The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, a… (EPSS 2.1%)

CVE-2019-20413: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of S… (EPSS 2.1%)

CVE-2018-13397: There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in… (EPSS 2.1%)

CVE-2023-22505 [HIGH]: This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Cent… (EPSS 2.1%)

CVE-2019-3399: The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see i… (EPSS 2.1%)

CVE-2020-36235: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names… (EPSS 2.0%)