Vulnerabilities in Atlassian
399 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2019-20902 | — | Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and | 0.9% |
| CVE-2020-14192 | — | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerabili | 0.9% |
| CVE-2017-18090 | — | Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to | 0.9% |
| CVE-2020-4028 | — | Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in som | 0.9% |
| CVE-2018-13388 | — | The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or Ja | 0.9% |
| CVE-2017-18091 | — | The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows | 0.9% |
| CVE-2017-14587 | — | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary | 0.9% |
| CVE-2020-14180 | — | Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to | 0.8% |
| CVE-2021-41304 | — | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cro | 0.8% |
| CVE-2018-20826 | — | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a miss | 0.8% |
| CVE-2020-29451 | — | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure v | 0.8% |
| CVE-2021-41313 | — | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurat | 0.8% |
| CVE-2021-43955 | — | The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain inf | 0.8% |
| CVE-2018-13394 | — | The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to | 0.8% |
| CVE-2021-41311 | HIGH | Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access r | 0.8% |
| CVE-2021-43948 | — | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of priv | 0.8% |
| CVE-2021-43950 | — | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source con | 0.8% |
| CVE-2020-14170 | — | Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal netw | 0.8% |
| CVE-2017-18103 | — | The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the | 0.8% |
| CVE-2022-36802 | MEDIUM | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access interna | 0.8% |