VYPR

Vendor CVEs

Atlassian

All CVEs

471 total · sorted by risk
  • CVE-2024-21685 · Jun 18, 2024
    risk 0.00 · cvss · epss 0.00

    This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via…

  • CVE-2024-21677 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.01

    This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to…

  • CVE-2024-21678 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high…

  • CVE-2024-21682 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.01

    This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management…

  • CVE-2024-21674 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.02

    This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an…

  • CVE-2023-22526 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact…

  • CVE-2023-22516 · Nov 21, 2023
    risk 0.00 · cvss · epss 0.01

    This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to…

  • CVE-2023-22521 · Nov 21, 2023
    risk 0.00 · cvss · epss 0.01

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high…

  • CVE-2023-22506 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.02

    This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker…

  • CVE-2023-22508 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute…

  • CVE-2023-22505 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.02

    This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary…

  • CVE-2023-33287 · May 31, 2023
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables.

  • CVE-2023-22504 · May 25, 2023
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

  • CVE-2023-22503 · May 1, 2023
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This…

  • CVE-2023-22501 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.16

    An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and…

  • CVE-2022-43782 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by…

  • CVE-2022-36803 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.01

    The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

  • CVE-2022-36802 · Oct 14, 2022
    risk 0.00 · cvss · epss 0.01

    The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin…

  • CVE-2022-36801 · Aug 10, 2022
    risk 0.00 · cvss · epss 0.65

    Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.

  • CVE-2022-36800 · Aug 3, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version…

  • CVE-2022-36799 · Aug 1, 2022
    risk 0.00 · cvss · epss 0.45

    This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…

  • CVE-2021-43959 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running…

  • CVE-2020-36290 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.01

    The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site…

  • CVE-2022-36131 · Jul 22, 2022
    risk 0.00 · cvss · epss 0.01

    The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.

  • CVE-2022-26137 · Jul 20, 2022
    risk 0.00 · cvss · epss 0.02

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…

  • CVE-2022-26136 · Jul 20, 2022
    risk 0.00 · cvss · epss 0.04

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in…

  • CVE-2022-32274 · Jul 13, 2022
    risk 0.00 · cvss · epss 0.01

    The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

  • CVE-2022-32567 · Jul 7, 2022
    risk 0.00 · cvss · epss 0.01

    The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.

  • CVE-2021-39114 · Apr 5, 2022
    risk 0.00 · cvss · epss 0.02

    Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23,…

  • CVE-2021-43958 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.01

    Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing…

  • CVE-2021-43957 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are…

  • CVE-2021-43956 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.01

    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

  • CVE-2021-43955 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.01

    The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.

  • CVE-2021-43954 · Mar 14, 2022
    risk 0.00 · cvss · epss 0.01

    The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.

  • CVE-2021-43944 · Mar 8, 2022
    risk 0.00 · cvss · epss 0.02

    This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute…

  • CVE-2021-43945 · Feb 28, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The…

  • CVE-2021-43943 · Feb 24, 2022
    risk 0.00 · cvss · epss 0.00

    Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of…

  • CVE-2021-43948 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.

  • CVE-2021-43941 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected…

  • CVE-2021-43940 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.00

    Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence…

  • CVE-2021-43950 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before…

  • CVE-2021-43953 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The…

  • CVE-2021-43952 · Feb 15, 2022
    risk 0.00 · cvss · epss 0.00

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are…

  • CVE-2021-43949 · Jan 10, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0.

  • CVE-2021-43951 · Jan 10, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before…

  • CVE-2021-43947 · Jan 6, 2022
    risk 0.00 · cvss · epss 0.04

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of…

  • CVE-2021-43946 · Jan 5, 2022
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version…

  • CVE-2021-43942 · Jan 4, 2022
    risk 0.00 · cvss · epss 0.55

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick…

  • CVE-2021-41311 · Dec 8, 2021
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/…

  • CVE-2021-41309 · Dec 8, 2021
    risk 0.00 · cvss · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the…

Page 5 of 10