Filtered by vendor Atlassian
Subscriptions
Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7357 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | ||||
| CVE-2017-9512 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | 7.5 High |
| The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | ||||
| CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2025-04-20 | N/A |
| Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | ||||
| CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2025-04-20 | N/A |
| Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | ||||
| CVE-2017-14590 | 1 Atlassian | 1 Bamboo | 2025-04-20 | N/A |
| Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | ||||
| CVE-2015-8399 | 1 Atlassian | 1 Confluence | 2025-04-12 | N/A |
| Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | ||||
| CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2025-04-12 | N/A |
| An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | ||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2025-04-12 | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | ||||
| CVE-2014-9757 | 1 Atlassian | 1 Bamboo | 2025-04-12 | N/A |
| The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | ||||
| CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2025-04-12 | N/A |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | ||||
| CVE-2014-2313 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| CVE-2015-8398 | 1 Atlassian | 1 Confluence | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | ||||
| CVE-2012-6342 | 1 Atlassian | 1 Confluence Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. | ||||
| CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2025-04-12 | N/A |
| The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | ||||
| CVE-2015-8481 | 1 Atlassian | 3 Jira Core, Jira Server, Jira Service Desk | 2025-04-12 | N/A |
| Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | ||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2025-04-12 | N/A |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | ||||
| CVE-2013-5319 | 1 Atlassian | 1 Jira | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | ||||
| CVE-2013-3925 | 1 Atlassian | 1 Crowd | 2025-04-11 | N/A |
| Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference. | ||||
| CVE-2011-4822 | 1 Atlassian | 1 Fisheye | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page. | ||||