Atlassian vulnerabilities

Entries are listed newest first. Each record gives the publication date, the CVE identifier and title, the description, and then the risk fields: attack vector, attack complexity (where the listing records it), vendor, CWE (where one is assigned) and the CVSS v2 base score.

2022-06-03  CVE-2022-26134  Injection vulnerability in Atlassian Confluence Data Center
  Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-74; Risk: 7.5

2022-04-20  CVE-2022-0540  Improper Authentication vulnerability in Atlassian Jira Data Center and Jira Service Management
  Description: A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request.
  Attack vector: network; Vendor: atlassian; CWE: CWE-287; Risk: 6.8

2022-04-20  CVE-2022-26133  Deserialization of Untrusted Data vulnerability in Atlassian Bitbucket Data Center 7.20.0
  Description: SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later before 7.17.6, 7.18.0 and later before 7.18.4, 7.19.0 and later before 7.19.4, and 7.20.0 allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-502; Risk: 7.5

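To turn the version ranges in the CVE-2022-26133 entry into something an inventory script can use, here is an added example (not Atlassian's code) that encodes the affected ranges exactly as the listing states them and reports whether a given Bitbucket Data Center version string falls inside one. The function names and the dotted-integer version comparison are this example's own assumptions, and the lone 7.20.0 entry is treated as a single release because the listing names no fixed 7.20.x version.

```python
"""Check a Bitbucket Data Center version against the affected ranges for
CVE-2022-26133 (SharedSecretClusterAuthenticator Java deserialization).

Added example, not Atlassian's code. The ranges come from the advisory text
above; version parsing is a plain dotted-integer comparison and the function
and constant names are this example's own.
"""
from typing import Optional, Tuple


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '7.17.6' into (7, 17, 6); shorter strings are padded with zeros so
    that '7.20' and '7.20.0' compare equal."""
    parts = [int(p) for p in s.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


# (first affected, first fixed). A fixed bound of None means "exactly this one
# release": the advisory lists 7.20.0 on its own with no fixed 7.20.x named.
AFFECTED_RANGES = [
    ("5.14.0", "7.6.14"),
    ("7.7.0", "7.17.6"),
    ("7.18.0", "7.18.4"),
    ("7.19.0", "7.19.4"),
    ("7.20.0", None),
]


def affected_range(version: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return the (first affected, first fixed) pair covering `version`, or
    None if the version sits in none of the affected ranges."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        lo_t = parse_version(lo)
        if hi is None:
            if v == lo_t:
                return (lo, hi)
        elif lo_t <= v < parse_version(hi):
            return (lo, hi)
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


def fixed_version_for(version: str) -> Optional[str]:
    """Lowest fixed release on the same line as an affected version, or None
    when the version is unaffected or (for 7.20.0) no fix is named."""
    r = affected_range(version)
    return None if r is None else r[1]


if __name__ == "__main__":
    for v in ["5.13.9", "5.14.0", "7.6.13", "7.6.14", "7.17.5", "7.17.6",
              "7.18.3", "7.19.4", "7.20.0", "7.20.1"]:
        print(f"{v:>8}: {'AFFECTED' if is_affected(v) else 'not affected'}")
```

The check is by version string only; it says nothing about whether the instance is actually clustered or reachable, so treat a hit as "patch or verify", not as confirmed exploitable.
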
2022-04-05  CVE-2021-39114  Injection vulnerability in Atlassian Confluence Data Center
  Description: Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-74; Risk: 6.5

2022-03-16  CVE-2021-43955  Exposure of Resource to Wrong Sphere vulnerability in Atlassian Crucible
  Description: The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-668; Risk: 4.0

2022-03-16  CVE-2021-43956  Unspecified vulnerability in Atlassian Crucible
  Description: The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
  Attack vector: network; Vendor: atlassian; Risk: 4.3

2022-03-16  CVE-2021-43957  Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible
  Description: Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object Reference (IDOR) vulnerability in the WEB-INF directory and to bypass the fix for CVE-2020-29446 due to missing URL decoding.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-639; Risk: 5.0

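The bypass described for CVE-2021-43957 is a general failure mode: a filter that inspects the raw request path sees a different string from the one the file lookup ends up using. The following added example (not Fisheye/Crucible code; the webroot, blocked directory names, request paths and function names are constructed for illustration) shows a naive substring check that percent-encoding defeats, beside a check that decodes, normalizes and confines the path to the webroot before looking at its segments.

```python
"""Path filtering on the raw request path versus on its canonical form.

Added example, not Fisheye/Crucible code. WEBROOT, BLOCKED_SEGMENTS, the
request paths and the function names are constructed for illustration.
"""
import posixpath
from urllib.parse import unquote

WEBROOT = "/var/www/app"                     # constructed deployment root
BLOCKED_SEGMENTS = {"web-inf", "meta-inf"}   # servlet-internal dirs, compared lower-case


def naive_allowed(raw_path: str) -> bool:
    """Weak check: looks for the literal directory name in the undecoded path.
    '%57EB-INF' or 'WEB%2DINF' sails past it, yet decodes to WEB-INF later."""
    return "WEB-INF" not in raw_path


def resolve(raw_path: str) -> str:
    """Decode until the string stops changing (defeats double encoding),
    unify separators, then anchor under WEBROOT and collapse '.', '..' and
    repeated slashes so the check sees the path the filesystem would."""
    path = raw_path
    for _ in range(5):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return posixpath.normpath(posixpath.join(WEBROOT, path.lstrip("/")))


def hardened_allowed(raw_path: str) -> bool:
    """Canonicalize first, then confine to WEBROOT and reject blocked segments
    case-insensitively."""
    resolved = resolve(raw_path)
    if resolved != WEBROOT and not resolved.startswith(WEBROOT + "/"):
        return False                          # escaped the webroot via '..'
    segments = resolved[len(WEBROOT):].split("/")[1:]
    return not any(seg.lower() in BLOCKED_SEGMENTS for seg in segments)


if __name__ == "__main__":
    for p in ["/static/app.js", "/WEB-INF/web.xml", "/%57EB-INF/web.xml",
              "/%2557EB-INF/web.xml", "/static/../web-inf/classes/",
              "/../../etc/passwd"]:
        print(f"{p:30} naive={naive_allowed(p)!s:5} hardened={hardened_allowed(p)}")
```

The order matters: decode, normalize, confine, and only then compare. Checking before decoding, or decoding only once, leaves exactly the gap the listing describes.
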
2022-03-16  CVE-2021-43958  Improper Restriction of Excessive Authentication Attempts vulnerability in Atlassian Crucible
  Description: Various REST resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute-force user login credentials. The REST resources did not check whether a user had exceeded the maximum number of failed logins, so they never demanded the CAPTCHA that should accompany credentials once that limit is reached (an improper restriction of excessive authentication attempts).
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-307; Risk: 7.5

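CVE-2021-43958 is the classic case of a lockout policy enforced on one entry point and forgotten on another. The following added example (not Fisheye/Crucible code; the policy object, user store, threshold and function names are constructed for illustration) shows a form login and a REST login sharing one failed-attempt counter, where the vulnerable REST path records failures but never consults the limit, beside a fixed version that applies the same gate.

```python
"""Failed-login limit enforced on the form login but not on REST resources.

Added example, not Fisheye/Crucible code. LoginPolicy, USERS, MAX_FAILED and
the function names are constructed for illustration.
"""
from dataclasses import dataclass, field

MAX_FAILED = 3                       # constructed threshold before a CAPTCHA is demanded
USERS = {"alice": "correct-horse"}   # constructed credential store


@dataclass
class LoginPolicy:
    """Per-user failed-attempt counter shared by every authentication path."""
    failures: dict = field(default_factory=dict)

    def record(self, user: str, ok: bool) -> None:
        self.failures[user] = 0 if ok else self.failures.get(user, 0) + 1

    def captcha_required(self, user: str) -> bool:
        return self.failures.get(user, 0) >= MAX_FAILED


def check_password(user: str, pw: str) -> bool:
    return USERS.get(user) == pw


def web_login(policy: LoginPolicy, user: str, pw: str, captcha_solved: bool = False) -> str:
    """Form login: refuses to even test the password once the limit is hit."""
    if policy.captcha_required(user) and not captcha_solved:
        return "captcha_required"
    ok = check_password(user, pw)
    policy.record(user, ok)
    return "ok" if ok else "denied"


def rest_login_vulnerable(policy: LoginPolicy, user: str, pw: str) -> str:
    """The 'before' pattern: failures are counted but the limit is never checked,
    so this path keeps answering ok/denied no matter how many guesses arrive."""
    ok = check_password(user, pw)
    policy.record(user, ok)
    return "ok" if ok else "denied"


def rest_login_fixed(policy: LoginPolicy, user: str, pw: str) -> str:
    """Same gate as the form login, applied to the REST path. A REST client has
    no CAPTCHA widget, so once the limit is hit the request is simply refused."""
    if policy.captcha_required(user):
        return "captcha_required"
    ok = check_password(user, pw)
    policy.record(user, ok)
    return "ok" if ok else "denied"


def brute_force(login, policy: LoginPolicy, user: str, guesses: list) -> tuple:
    """Feed guesses through an entry point until it either authenticates or
    refuses further attempts. Returns (attempts made, final outcome)."""
    for n, guess in enumerate(guesses, 1):
        result = login(policy, user, guess)
        if result != "denied":
            return n, result
    return len(guesses), "denied"


if __name__ == "__main__":
    guesses = ["123456", "password", "letmein", "qwerty", "hunter2", "correct-horse"]
    for name, login in [("vulnerable REST", rest_login_vulnerable),
                        ("fixed REST", rest_login_fixed),
                        ("web form", web_login)]:
        print(f"{name:16} {brute_force(login, LoginPolicy(), 'alice', guesses)}")
```

The point of the shared policy object is that the fix is not a second counter on the REST side but the same gate applied at every place credentials are accepted.
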
2022-03-14  CVE-2021-43954  Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crucible
  Description: The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers who have the 'can add repository' permission to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-918; Risk: 4.0

2022-03-08  CVE-2021-43944  Code Injection vulnerability in Atlassian Jira Data Center and Jira Server
  Description: This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented.
  Attack vector: network; Attack complexity: low; Vendor: atlassian; CWE: CWE-94; Risk: 6.5