Filtered by vendor Atlassian
Subscribe
Total
429 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | |||||
CVE-2017-5983 | 1 Atlassian | 1 Jira | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | |||||
CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||||
CVE-2015-8398 | 1 Atlassian | 1 Confluence | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | |||||
CVE-2015-8481 | 1 Atlassian | 3 Jira Core, Jira Server, Jira Service Desk | 2024-02-04 | 3.5 LOW | 3.1 LOW |
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | |||||
CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | |||||
CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | |||||
CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | |||||
CVE-2015-8399 | 1 Atlassian | 1 Confluence | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | |||||
CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2024-02-04 | 6.5 MEDIUM | N/A |
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | |||||
CVE-2014-2313 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2024-02-04 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | |||||
CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2024-02-04 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | |||||
CVE-2012-6342 | 1 Atlassian | 1 Confluence Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. | |||||
CVE-2012-2928 | 2 Atlassian, Gliffy | 3 Confluence Server, Jira, Gliffy | 2024-02-04 | 6.4 MEDIUM | N/A |
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
CVE-2013-5319 | 1 Atlassian | 1 Jira | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | |||||
CVE-2012-2926 | 1 Atlassian | 7 Bamboo, Confluence, Confluence Server and 4 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
CVE-2012-2927 | 2 Atlassian, Tm Software | 4 Jira, Tempo, Tempo6.3.0 and 1 more | 2024-02-04 | 4.0 MEDIUM | N/A |
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. | |||||
CVE-2010-1165 | 1 Atlassian | 1 Jira | 2024-02-04 | 9.0 HIGH | N/A |
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. | |||||
CVE-2010-1164 | 1 Atlassian | 1 Jira | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010. | |||||
CVE-2011-4822 | 1 Atlassian | 1 Fisheye | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page. |