
Atlassian

Atlassian Corporation is an international proprietary software company that specialises in collaboration tools designed primarily for software development and project management. Founded in Sydney in 2002 and domiciled in the United States since 2022 as a pure holding company of Atlassian Corporation Plc, the company is globally headquartered in Sydney, Australia, with a US headquarters in San Francisco, and over 12,000 employees across 14 countries. Atlassian currently serves over 300,000 customers in over 200 countries and territories around the world.

Founded: 2002
Products: 73
CVEs: 471
Across products: 786
Status: Private


Recent CVEs

  • CVE-2012-2926 | Critical | May 22, 2012
    risk 0.67 | cvss 9.1 | epss 0.67

    Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3…

  • CVE-2018-5225 | Critical | Mar 22, 2018
    risk 0.65 | cvss 9.9 | epss 0.04

    In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x),…

  • CVE-2017-5983 | Critical | Apr 10, 2017
    risk 0.65 | cvss 9.8 | epss 0.16

    The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

  • CVE-2018-16281 | Critical | Sep 21, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.

  • CVE-2018-13385 | Critical | Jul 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.…

  • CVE-2017-16861 | Critical | Feb 1, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or…

  • CVE-2017-14586 | Critical | Nov 27, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.

  • CVE-2017-8768 | Critical | May 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.08

    Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command.…

  • CVE-2016-6496 | Critical | Dec 9, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

  • CVE-2016-5229 | Critical | Aug 2, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

  • CVE-2015-8360 | Critical | Feb 8, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.

  • CVE-2014-9757 | Critical | Feb 8, 2016
    risk 0.64 | cvss 9.8 | epss 0.02

    The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

  • CVE-2017-14589 | Critical | Dec 13, 2017
    risk 0.63 | cvss 9.6 | epss 0.02

    It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute…

  • CVE-2026-21571 | Critical | Apr 21, 2026
    risk 0.61 | cvss - | epss 0.01

    This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of …

  • CVE-2017-14590 | Critical | Dec 13, 2017
    risk 0.59 | cvss 9.1 | epss 0.02

    Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least…

  • CVE-2017-14591 | Critical | Nov 29, 2017
    risk 0.59 | cvss 9.0 | epss 0.02

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

  • CVE-2017-7357 | Critical | Apr 14, 2017
    risk 0.59 | cvss 9.1 | epss 0.03

    Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.

  • CVE-2015-8361 | Critical | Feb 8, 2016
    risk 0.59 | cvss 9.1 | epss 0.03

    Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

  • CVE-2017-14593 | High | Jan 26, 2018
    risk 0.58 | cvss 8.8 | epss 0.06

    Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From…

  • CVE-2017-14592 | High | Jan 26, 2018
    risk 0.58 | cvss 8.8 | epss 0.06

    Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version…