Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-29447 Unrestricted Upload of File With Dangerous Type vulnerability in Atlassian Crucible
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews.
network
low complexity
atlassian CWE-434
4.0
2020-11-30 CVE-2020-14193 Injection vulnerability in Atlassian Jira
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials.
network
low complexity
atlassian CWE-74
5.5
2020-11-25 CVE-2020-14190 Missing Authorization vulnerability in Atlassian Crucible
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.
network
low complexity
atlassian CWE-862
5.0
2020-11-25 CVE-2020-14191 Missing Authorization vulnerability in Atlassian Crucible
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.
network
low complexity
atlassian CWE-862
5.0
2020-11-09 CVE-2020-14189 Unspecified vulnerability in Atlassian Jira Comment
The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
network
low complexity
atlassian
7.5
2020-11-09 CVE-2020-14188 Unspecified vulnerability in Atlassian Jira Create
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
network
low complexity
atlassian
7.5
2020-10-15 CVE-2020-14185 Information Exposure vulnerability in Atlassian Jira
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource.
network
low complexity
atlassian CWE-200
5.0
2020-10-12 CVE-2020-14184 Cross-Site Scripting vulnerability in Atlassian Jira
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files.
network
atlassian CWE-79
3.5
2020-10-06 CVE-2020-14183 Information Exposure vulnerability in Atlassian Jira
Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.
network
low complexity
atlassian CWE-200
4.0
2020-09-21 CVE-2020-14180 Information Exposure vulnerability in Atlassian Jira Service Desk
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource.
network
low complexity
atlassian CWE-200
4.0