Vulnerabilities in Atlassian
399 results

CVE-2019-15005 —
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans an
EPSS 1.3%

CVE-2019-20101 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Cont
EPSS 1.3%

CVE-2017-18037 —
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from ve
EPSS 1.3%

CVE-2019-20898 —
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticate
EPSS 1.3%

CVE-2019-20404 —
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they
EPSS 1.3%

CVE-2019-14996 —
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to in
EPSS 1.3%

CVE-2020-36236 —
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Sc
EPSS 1.3%

CVE-2021-39127 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken
EPSS 1.3%

CVE-2020-14183 —
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support
EPSS 1.3%

CVE-2026-21571 CRITICAL
This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0,
EPSS 1.3%

CVE-2017-9505 —
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notifica
EPSS 1.3%

CVE-2017-18106 —
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for anothe
EPSS 1.3%

CVE-2020-4017 —
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 al
EPSS 1.2%

CVE-2021-43957 HIGH
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (I
EPSS 1.2%

CVE-2020-4016 —
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows r
EPSS 1.2%

CVE-2020-36237 —
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Inform
EPSS 1.2%

CVE-2017-18110 —
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote
EPSS 1.2%

CVE-2020-36240 —
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote atta
EPSS 1.2%

CVE-2021-26076 —
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 befo
EPSS 1.2%

CVE-2023-22516 HIGH
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamb
EPSS 1.2%