Filtered by vendor Atlassian
Subscriptions
Total
433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2021-07-21 | 5.3 Medium |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | ||||
| CVE-2019-20898 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-07-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. | ||||
| CVE-2020-14165 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-07-21 | 5.3 Medium |
| The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. | ||||
| CVE-2020-14180 | 1 Atlassian | 1 Jira Service Desk | 2021-07-21 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | ||||
| CVE-2020-14190 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | ||||
| CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | ||||
| CVE-2020-29446 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.3 Medium |
| Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | ||||
| CVE-2020-4017 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.3 Medium |
| The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | ||||
| CVE-2020-4016 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.3 Medium |
| The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | ||||
| CVE-2020-4014 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 4.3 Medium |
| The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | ||||
| CVE-2020-4015 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 4.3 Medium |
| The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | ||||
| CVE-2020-36237 | 1 Atlassian | 2 Data Center, Jira | 2021-07-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. | ||||
| CVE-2021-26077 | 1 Atlassian | 1 Connect Spring Boot | 2021-05-18 | 8.8 High |
| Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | ||||
| CVE-2020-12873 | 1 Atlassian | 1 Alfresco Enterprise Content Management | 2021-02-25 | 8.8 High |
| An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | ||||
| CVE-2020-36233 | 2 Atlassian, Microsoft | 2 Bitbucket, Windows | 2021-02-24 | 7.8 High |
| The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | ||||
| CVE-2020-14192 | 1 Atlassian | 2 Crucible, Fisheye | 2021-02-04 | 4.3 Medium |
| Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. | ||||
| CVE-2021-26067 | 1 Atlassian | 1 Bamboo | 2021-02-04 | 5.3 Medium |
| Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2. | ||||
| CVE-2020-29447 | 1 Atlassian | 1 Crucible | 2020-12-22 | 4.3 Medium |
| Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. | ||||
| CVE-2017-9512 | 1 Atlassian | 2 Crucible, Fisheye | 2020-11-25 | N/A |
| The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | ||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2020-11-25 | N/A |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | ||||