Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2019-03-08 CVE-2018-20235 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories.
network
low complexity
atlassian
critical
 9.0
9.0
2019-03-08 CVE-2018-20234 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories.
network
low complexity
atlassian CWE-88
critical
 9.0
9.0
2019-02-20 CVE-2018-20241 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20240 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-13 CVE-2018-20238 Session Fixation vulnerability in Atlassian Crowd
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
network
low complexity
atlassian CWE-384
5.5
5.5
2019-02-13 CVE-2018-20237 Exposure of Resource to Wrong Sphere vulnerability in Atlassian Confluence Data Center and Confluence Server
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
network
low complexity
atlassian CWE-668
4.0
4.0
2019-02-13 CVE-2018-20232 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
network
atlassian CWE-79
3.5
3.5
2019-02-13 CVE-2018-13404 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira and Jira Server
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.0
4.0
2019-02-13 CVE-2018-13403 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.
network
atlassian CWE-79
3.5
3.5
2019-01-29 CVE-2016-10740 Information Exposure vulnerability in Atlassian Crowd
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
network
low complexity
atlassian CWE-200
4.0
4.0