Vulnerabilities in Atlassian

399 results
CVE-2019-11585
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2
EPSS 1.2%

CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct
EPSS 1.2%

CVE-2023-22521 HIGH
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (R
EPSS 1.2%

CVE-2017-18096
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allo
EPSS 1.2%

CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS
EPSS 1.2%

CVE-2018-5228
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScr
EPSS 1.2%

CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.
EPSS 1.2%

CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5
EPSS 1.2%

CVE-2020-29445 MEDIUM
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and po
EPSS 1.2%

CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access
EPSS 1.2%

CVE-2019-20407
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attacker
EPSS 1.2%

CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before versio
EPSS 1.2%

CVE-2021-26081 MEDIUM
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 befo
EPSS 1.2%

CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users t
EPSS 1.2%

CVE-2019-14998
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypas
EPSS 1.2%

CVE-2021-41312 HIGH
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Manage
EPSS 1.2%

CVE-2021-41305 HIGH
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filter
EPSS 1.2%

CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their
EPSS 1.2%

CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross
EPSS 1.2%

CVE-2020-14175
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-S
EPSS 1.2%