Vulnerabilities > Atlassian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-19 | CVE-2019-15000 | OS Command Injection vulnerability in Atlassian Bitbucket The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. | 6.8 |
2019-09-19 | CVE-2019-14994 | Path Traversal vulnerability in Atlassian Jira Service Desk The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. | 4.3 |
2019-09-11 | CVE-2019-8451 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Server The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 6.4 |
2019-09-11 | CVE-2019-8450 | Cross-site Scripting vulnerability in Atlassian Jira Server Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | 3.5 |
2019-09-11 | CVE-2019-8449 | Missing Authentication for Critical Function vulnerability in Atlassian Jira The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.0 |
2019-09-11 | CVE-2019-14998 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | 4.3 |
2019-09-11 | CVE-2019-14997 | Unspecified vulnerability in Atlassian Jira Server The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN. network atlassian | 4.3 |
2019-09-11 | CVE-2019-14996 | Cross-site Scripting vulnerability in Atlassian Jira Server The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 4.3 |
2019-09-11 | CVE-2019-14995 | Missing Authorization vulnerability in Atlassian Jira Server The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | 5.0 |
2019-08-29 | CVE-2019-3394 | Path Traversal vulnerability in Atlassian Confluence and Confluence Server There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. | 4.0 |