VYPR
Vendor CVEs: Atlassian
All CVEs (471 total, sorted by risk)
  • CVE-2019-20415 · Jun 30, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

  • CVE-2019-20414 · Jun 29, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before…

  • CVE-2019-20413 · Jun 29, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0…

  • CVE-2019-20412 · Jun 29, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue…

  • CVE-2019-20411 · Jun 29, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

  • CVE-2019-20410 · Jun 29, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and…

  • CVE-2020-4028 · Jun 23, 2020
    risk 0.00 · cvss n/a · epss 0.01

    In versions before 8.9.1, various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page; in some situations this may have allowed unauthorised attackers to determine whether certain resources exist through an Information Disclosure…

  • CVE-2019-20409 · Jun 23, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

  • CVE-2020-4026 · Jun 2, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including…

  • CVE-2020-4023 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.

  • CVE-2020-4021 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Atlassian Jira Server and Data Center before version 8.5.5, and from version 8.6.0 before 8.8.1, allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

  • CVE-2020-4020 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure.

  • CVE-2020-4019 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.00

    The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via an untrusted search path vulnerability.

  • CVE-2020-4018 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.

  • CVE-2020-4017 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.

  • CVE-2020-4016 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.

  • CVE-2020-4015 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability.

  • CVE-2020-4014 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.

  • CVE-2020-4013 · Jun 1, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the review objectives.

  • CVE-2019-20102 · Apr 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType`…

  • CVE-2019-20407 · Mar 17, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check.

  • CVE-2019-20105 · Mar 17, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote…

  • CVE-2019-20100 · Feb 12, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version…

  • CVE-2019-20099 · Feb 12, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…

  • CVE-2019-20098 · Feb 12, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the…

  • CVE-2019-20406 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.00

    The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environment variable…

  • CVE-2019-20405 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

  • CVE-2019-20404 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

  • CVE-2019-20403 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

  • CVE-2019-20402 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

  • CVE-2019-20401 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

  • CVE-2019-20400 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.00

    The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability.

  • CVE-2019-20106 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control…

  • CVE-2019-20104 · Feb 6, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.

  • CVE-2019-20097 · Jan 15, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before…

  • CVE-2019-15012 · Jan 15, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3,…

  • CVE-2019-15010 · Jan 15, 2020
    risk 0.00 · cvss n/a · epss 0.03

    Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from…

  • CVE-2019-15013 · Dec 18, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue…

  • CVE-2019-15011 · Dec 17, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to…

  • CVE-2017-18107 · Dec 17, 2019
    risk 0.00 · cvss n/a · epss 0.00

    Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users and groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by…

  • CVE-2019-19748 · Dec 12, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The Work Time Calendar app before 4.7.1 for Jira allows XSS.

  • CVE-2019-15009 · Dec 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.

  • CVE-2019-15008 · Dec 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.

  • CVE-2019-15007 · Dec 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.

  • CVE-2019-15005 · Nov 8, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…

  • CVE-2019-15004 · Nov 7, 2019
    risk 0.00 · cvss n/a · epss 0.04

    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with…

  • CVE-2019-15003 · Nov 7, 2019
    risk 0.00 · cvss n/a · epss 0.02

    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with…

  • CVE-2019-14994 · Sep 19, 2019
    risk 0.00 · cvss n/a · epss 0.05

    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before…

  • CVE-2019-8450 · Sep 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the…

  • CVE-2019-14998 · Sep 11, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
