Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43781 Command Injection vulnerability in Atlassian Bitbucket
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center.
network
low complexity
atlassian CWE-77
critical
9.8
2022-11-17 CVE-2022-43782 Improper Authentication vulnerability in Atlassian Crowd
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path.
network
low complexity
atlassian CWE-287
critical
9.8
2022-11-15 CVE-2022-42977 Information Exposure vulnerability in Atlassian Confluence Data Center
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it.
network
low complexity
atlassian CWE-200
7.5
2022-11-15 CVE-2022-42978 Incorrect Authorization vulnerability in Atlassian Confluence Data Center
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled.
network
low complexity
atlassian CWE-863
7.5
2022-10-14 CVE-2022-36802 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Align
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to access internal network resources via a Server-Side Request Forgery.
network
low complexity
atlassian CWE-918
4.9
2022-10-14 CVE-2022-36803 Incorrect Default Permissions vulnerability in Atlassian Jira Align
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to modify any user's role to Super Admin.
network
low complexity
atlassian CWE-276
8.8
2022-08-25 CVE-2022-36804 Command Injection vulnerability in Atlassian Bitbucket
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
network
low complexity
atlassian CWE-77
8.8
2022-06-30 CVE-2022-26135 Server-Side Request Forgery (SSRF) vulnerability in Atlassian products
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint.
network
low complexity
atlassian CWE-918
4.0
2022-06-03 CVE-2022-26134 Injection vulnerability in Atlassian Confluence Data Center
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-74
7.5
2022-04-20 CVE-2022-0540 Improper Authentication vulnerability in Atlassian Jira Data Center and Jira Service Management
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request.
network
atlassian CWE-287
6.8