Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2021-09-30 CVE-2020-18683 Improper Input Validation vulnerability in Atlassian Floodlight
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.
network
low complexity
atlassian CWE-20
7.5
2021-09-30 CVE-2020-18684 Integer Overflow or Wraparound vulnerability in Atlassian Floodlight
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
network
low complexity
atlassian CWE-190
7.5
2021-09-30 CVE-2020-18685 Improper Input Validation vulnerability in Atlassian Floodlight
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.
network
low complexity
atlassian CWE-20
7.5
2021-09-16 CVE-2021-39128 Injection vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.
network
low complexity
atlassian CWE-74
6.5
2021-09-14 CVE-2021-39125 Information Exposure vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page.
network
low complexity
atlassian CWE-200
5.0
2021-09-14 CVE-2019-20101 Unspecified vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint.
network
low complexity
atlassian
5.0
2021-09-14 CVE-2021-39118 Information Exposure vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint.
network
low complexity
atlassian CWE-200
5.0
2021-09-14 CVE-2021-39123 Resource Exhaustion vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint.
network
low complexity
atlassian CWE-400
5.0
2021-09-14 CVE-2021-39124 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.
network
atlassian CWE-352
6.8
2021-09-08 CVE-2021-39121 Unspecified vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint.
network
low complexity
atlassian
4.0