Vulnerabilities > Atlassian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-21 | CVE-2020-29447 | Unrestricted Upload of File With Dangerous Type vulnerability in Atlassian Crucible: Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. | 4.0 |
2020-11-30 | CVE-2020-14193 | Injection vulnerability in Atlassian Jira: Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. | 5.5 |
2020-11-25 | CVE-2020-14190 | Missing Authorization vulnerability in Atlassian Crucible: Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 5.0 |
2020-11-25 | CVE-2020-14191 | Missing Authorization vulnerability in Atlassian Crucible: Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 5.0 |
2020-11-09 | CVE-2020-14189 | Unspecified vulnerability in Atlassian Jira Comment: The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | 7.5 |
2020-11-09 | CVE-2020-14188 | Unspecified vulnerability in Atlassian Jira Create: The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | 7.5 |
2020-10-15 | CVE-2020-14185 | Information Exposure vulnerability in Atlassian Jira: Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. | 5.0 |
2020-10-12 | CVE-2020-14184 | Cross-Site Scripting vulnerability in Atlassian Jira: Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. | 3.5 |
2020-10-06 | CVE-2020-14183 | Information Exposure vulnerability in Atlassian Jira: Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. | 4.0 |
2020-09-21 | CVE-2020-14180 | Information Exposure vulnerability in Atlassian Jira Service Desk: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. | 4.0 |