Vulnerabilities in Atlassian
399 results

CVE-2022-26134 | CRITICAL | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attack | EPSS 100.0% | KEV
CVE-2021-26086 | MEDIUM | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerabilit | EPSS 100.0% | KEV
CVE-2021-26084 | CRITICAL | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attack | EPSS 100.0% | KEV
CVE-2023-22518 | CRITICAL | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability | EPSS 100.0% | KEV
CVE-2023-22527 | CRITICAL | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE | EPSS 100.0% | KEV
CVE-2021-26085 | MEDIUM | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File | EPSS 99.9% | KEV
CVE-2019-3396 | CRITICAL | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.1 | EPSS 99.9% | KEV
CVE-2020-14181 | — | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vu | EPSS 99.6%
CVE-2020-36289 | MEDIUM | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vu | EPSS 99.2%
CVE-2022-36804 | HIGH | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, | EPSS 99.2% | KEV
CVE-2023-22515 | CRITICAL | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknow | EPSS 99.2% | KEV
CVE-2022-26138 | CRITICAL | The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users g | EPSS 98.2% | KEV
CVE-2022-43781 | CRITICAL | There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to c | EPSS 98.0%
CVE-2019-3398 | HIGH | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permi | EPSS 97.2% | KEV
CVE-2019-11580 | CRITICAL | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send un | EPSS 95.4% | KEV
CVE-2019-8451 | — | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal net | EPSS 94.5%
CVE-2022-0540 | CRITICAL | A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP reques | EPSS 88.3%
CVE-2024-21683 | HIGH | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE ( | EPSS 88.3%
CVE-2019-8449 | — | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information | EPSS 84.8%
CVE-2019-11581 | CRITICAL | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail a | EPSS 84.6% | KEV