Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2019-01-18 CVE-2018-20233 XXE vulnerability in Atlassian Universal Plugin Manager
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity (XXE) vulnerability in the parsing of the atlassian-plugin.xml descriptor inside an uploaded JAR.
Attack vector: network. Complexity: low. Vendor: atlassian. CWE-611. Risk score: 5.5
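The entry above describes the whole XXE chain in one sentence: a JAR is uploaded, its descriptor is parsed, and an external entity in that descriptor reads a file. The following is an added illustration, not code from the page or from Atlassian's Universal Plugin Manager. It builds a constructed JAR in memory with only the standard library, parses its atlassian-plugin.xml once with external general entities enabled (the vulnerable condition) and once with a hardened parser that refuses any DOCTYPE, and shows that the first returns the contents of a constructed secret file while the second aborts. The descriptor contents, plugin keys and secret file are assumptions made for the demo.

```python
import io
import os
import tempfile
import xml.sax
import zipfile
from xml.sax import handler

DESCRIPTOR = "atlassian-plugin.xml"  # descriptor file name inside an Atlassian plugin JAR

# Constructed benign descriptor, used to show the hardened parser still works.
BENIGN_DESCRIPTOR = b"""<?xml version="1.0"?>
<atlassian-plugin key="com.example.benign" name="Benign">
  <plugin-info><description>Harmless</description><version>1.0</version></plugin-info>
</atlassian-plugin>
"""


def malicious_descriptor(secret_path: str) -> bytes:
    """Constructed attacker descriptor: an external entity that names a local file."""
    return f"""<?xml version="1.0"?>
<!DOCTYPE atlassian-plugin [<!ENTITY xxe SYSTEM "{secret_path}">]>
<atlassian-plugin key="com.example.evil" name="Evil">
  <plugin-info><description>&xxe;</description><version>1.0</version></plugin-info>
</atlassian-plugin>
""".encode()


def build_jar(descriptor_xml: bytes) -> bytes:
    """Build an in-memory JAR (a zip file) holding a manifest and the descriptor."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(DESCRIPTOR, descriptor_xml)
    return buf.getvalue()


def read_descriptor(jar_bytes: bytes) -> bytes:
    """Pull the descriptor out of an uploaded JAR, as an upload resource would."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return jar.read(DESCRIPTOR)


class _DescriptionCollector(handler.ContentHandler):
    """Collects the text inside <description>, where the entity is referenced."""

    def __init__(self):
        super().__init__()
        self.inside = False
        self.parts = []

    def startElement(self, name, attrs):
        if name == "description":
            self.inside = True

    def endElement(self, name):
        if name == "description":
            self.inside = False

    def characters(self, content):
        if self.inside:
            self.parts.append(content)


class DoctypeNotAllowed(ValueError):
    """Raised by the hardened parser when a descriptor carries a DOCTYPE."""


class _RejectDoctype:
    """Lexical handler that aborts on any DOCTYPE, so no entity can be declared at all."""

    def startDTD(self, name, public_id, system_id):
        raise DoctypeNotAllowed(f"DOCTYPE {name!r} is not allowed in {DESCRIPTOR}")

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_description(descriptor_xml: bytes, hardened: bool) -> str:
    """Parse the descriptor and return the <description> text.

    hardened=False resolves external general entities (the XXE condition);
    hardened=True keeps entity resolution off and refuses any DOCTYPE outright.
    """
    parser = xml.sax.make_parser()
    collector = _DescriptionCollector()
    parser.setContentHandler(collector)
    if hardened:
        parser.setFeature(handler.feature_external_ges, False)
        parser.setFeature(handler.feature_external_pes, False)
        parser.setProperty(handler.property_lexical_handler, _RejectDoctype())
    else:
        parser.setFeature(handler.feature_external_ges, True)
    parser.parse(io.BytesIO(descriptor_xml))
    return "".join(collector.parts).strip()


def demo() -> tuple:
    """Write a constructed secret, upload a JAR that references it, parse both ways.

    Returns (text leaked by the vulnerable parser, True if the hardened parser refused).
    """
    secret = "db.password=hunter2"
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as f:
        f.write(secret)
        secret_path = f.name
    try:
        descriptor = read_descriptor(build_jar(malicious_descriptor(secret_path)))
        leaked = parse_description(descriptor, hardened=False)
        try:
            parse_description(descriptor, hardened=True)
            refused = False
        except DoctypeNotAllowed:
            refused = True
    finally:
        os.unlink(secret_path)
    return leaked, refused


if __name__ == "__main__":
    leaked_text, was_refused = demo()
    print("vulnerable parser returned:", leaked_text)
    print("hardened parser refused the DOCTYPE:", was_refused)
```

The same entity could just as well name an http URL (the "make network requests" part of the entry) or an endless device file (the denial of service part); refusing the DOCTYPE closes all three at once, which is why the hardened parser does not try to distinguish good entities from bad ones.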
2019-01-09 CVE-2018-1000423 Insufficiently Protected Credentials vulnerability in Jenkins Crowd 2 Integration Plugin (Atlassian Crowd 2)
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
Attack vector: local. Complexity: low. Vendor: atlassian. CWE-522. Risk score: 2.1
2019-01-09 CVE-2018-1000422 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Crowd 2 Integration Plugin (Atlassian Crowd 2)
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.
Attack vector: network. Complexity: low. Vendor: atlassian. CWE-918. Risk score: 4.0
2019-01-09 CVE-2018-1000419 Incorrect Authorization (credentials ID disclosure) vulnerability in Jenkins HipChat Plugin
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
Attack vector: network. Complexity: low. Vendor: atlassian. Risk score: 6.5
2019-01-09 CVE-2018-1000418 Incorrect Authorization vulnerability in Jenkins HipChat Plugin
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Attack vector: network. Complexity: low. Vendor: atlassian. CWE-863. Risk score: 8.8
2018-11-05 CVE-2018-13397 Argument injection vulnerability in Atlassian Sourcetree for Windows
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories declared in Mercurial repositories.
Attack vector: network. Complexity: low. Vendor: atlassian. Risk: critical (9.0)
2018-11-05 CVE-2018-13396 Argument injection vulnerability in Atlassian Sourcetree for macOS
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories declared in Mercurial repositories.
Attack vector: network. Complexity: low. Vendor: atlassian. Risk: critical (9.0)
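The two Sourcetree entries above (Windows and macOS) name the class, argument injection through Git subrepositories in Mercurial repositories, but not the mechanism. The general shape of that class is that a string taken from a repository file ends up in a position where a command-line tool parses options, so a value beginning with a dash is read as an option rather than as a URL. The following is an added illustration of that class and not Sourcetree's code, nor a statement of which option Sourcetree's bug used: it parses a constructed .hgsub file (Mercurial's subrepository manifest, "path = [kind]source"), shows the naive argv construction next to one that validates the source and places operands after "--", and never actually runs git. The allowed transports and the file contents are assumptions made for the demo.

```python
import os
import posixpath
from urllib.parse import urlsplit

# Assumption for this example: which transports a [git] subrepository may use.
ALLOWED_SCHEMES = {"https", "ssh", "git"}

# Constructed .hgsub: a Mercurial checkout declares its subrepositories here as
# "path = [kind]source". The second entry's source begins with a dash.
HGSUB_TEXT = """\
# subrepositories for this checkout
lib/good  = [git]https://git.example.com/team/lib.git
lib/evil  = [git]--option-looking-source=attacker-controlled
vendor/hg = https://hg.example.com/vendor
"""


def parse_hgsub(text: str) -> dict:
    """Parse .hgsub lines into {path: (kind, source)}; kind defaults to 'hg'."""
    subrepos = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        path, sep, source = line.partition("=")
        if not sep:
            continue  # not a subrepo declaration
        path, source, kind = path.strip(), source.strip(), "hg"
        if source.startswith("[") and "]" in source:
            kind, source = source[1:].split("]", 1)
        subrepos[path] = (kind, source)
    return subrepos


class UnsafeSubrepo(ValueError):
    """A subrepository declaration that must not reach a command line."""


def git_clone_argv_vulnerable(source: str, dest: str) -> list:
    """Naive construction: the source sits where git parses options, so a
    source beginning with '-' is read as an option, not as a URL."""
    return ["git", "clone", source, dest]


def git_clone_argv(source: str, dest: str) -> list:
    """Hardened construction: validate the source and the target path, then put
    both after '--' so git treats them as operands whatever they contain."""
    if source.startswith("-"):
        raise UnsafeSubrepo(f"source looks like an option: {source!r}")
    if any(ch in source for ch in "\x00\r\n"):
        raise UnsafeSubrepo("control characters in source")
    if urlsplit(source).scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeSubrepo(f"transport not allowed: {source!r}")
    norm = posixpath.normpath(dest)
    if os.path.isabs(dest) or norm.startswith("..") or norm == ".":
        raise UnsafeSubrepo(f"destination escapes the checkout: {dest!r}")
    # Run this with subprocess.run(argv) as a list, never through a shell.
    return ["git", "clone", "--", source, norm]


def plan_git_clones(hgsub_text: str) -> dict:
    """For every [git] subrepository, the argv to run or the reason it was refused."""
    plan = {}
    for path, (kind, source) in parse_hgsub(hgsub_text).items():
        if kind != "git":
            continue
        try:
            plan[path] = git_clone_argv(source, path)
        except UnsafeSubrepo as err:
            plan[path] = f"refused: {err}"
    return plan


if __name__ == "__main__":
    for path, (kind, source) in parse_hgsub(HGSUB_TEXT).items():
        if kind == "git":
            print("naive   :", git_clone_argv_vulnerable(source, path))
    for path, outcome in plan_git_clones(HGSUB_TEXT).items():
        print("hardened:", path, "->", outcome)
```

The leading-dash check is the one that matters for the injection class; the transport allow-list and the destination check are the extra conditions a client that clones on the user's behalf should impose anyway, since the repository author, not the user, wrote the manifest. The scp-like "user@host:path" form has no URL scheme and is refused under this policy, which is deliberate for the demo but may be too strict for a real client.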
2018-10-23 CVE-2018-13402 Open Redirect vulnerability in Atlassian Jira and Jira Server
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users and, in some cases, obtain a user's Cross-site request forgery (CSRF) token via an open redirect vulnerability.
Attack vector: network. Vendor: atlassian. CWE-601. Risk score: 5.8
2018-10-23 CVE-2018-13401 Open Redirect vulnerability in Atlassian Jira and Jira Server
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
Attack vector: network. Vendor: atlassian. CWE-601. Risk score: 5.8
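Both Jira entries above (CVE-2018-13402 across many resources, CVE-2018-13401 in XsrfErrorAction) are the same defect: a redirect target taken from the request is followed without checking that it stays on the application. The following is an added example, not Jira's code and not a description of how Jira fixed it: a check that resolves the supplied target against the application's origin and only follows it when scheme and host match, alongside the unchecked pattern and a constructed list of the probe values a tester would throw at a "return to" parameter. The origin, paths and probes are assumptions made for the demo.

```python
from urllib.parse import urljoin, urlsplit

# Constructed application origin for the demo.
APP_BASE = "https://jira.example.com"


def safe_redirect_target(target, app_base=APP_BASE, fallback="/"):
    """Resolve a user-supplied redirect target and return it only if it stays on
    app_base's origin; otherwise return fallback, a path on the application."""
    if target is None:
        return fallback
    target = target.strip()
    # Browsers treat a backslash as a slash in http(s) URLs, and control
    # characters have no place in a redirect target: refuse rather than repair.
    if not target or any(ch in target for ch in "\\\x00\r\n\t"):
        return fallback
    base = urlsplit(app_base)
    resolved = urlsplit(urljoin(app_base, target))
    # Compare scheme and host[:port] after resolution, so that "//evil",
    # "https://evil", "https://app@evil", "host.evil" and "javascript:" all fail.
    if resolved.scheme.lower() != base.scheme.lower():
        return fallback
    if resolved.netloc.lower() != base.netloc.lower():
        return fallback
    return resolved.geturl()


def redirect_unchecked(target):
    """The open-redirect pattern: wherever the request said, that is where the user goes."""
    return target


# Constructed probe values a tester would try against a 'return to' parameter.
PROBES = [
    "/browse/PROJ-1",
    "https://jira.example.com/secure/Dashboard.jspa",
    "//evil.example/",
    "https://evil.example/",
    "https://jira.example.com@evil.example/",
    "https://jira.example.com.evil.example/",
    "javascript:alert(1)",
    "/\\evil.example/",
]


def classify(probes=PROBES, app_base=APP_BASE):
    """Map each probe to where the hardened check actually sends the user."""
    return {p: safe_redirect_target(p, app_base) for p in probes}


if __name__ == "__main__":
    for probe, destination in classify().items():
        print(f"{probe!r:50} unchecked -> {redirect_unchecked(probe)!r}, checked -> {destination!r}")
```

Comparing the resolved netloc rather than inspecting the raw string is what makes the check hold for the protocol-relative and userinfo forms; a target that names the right host on an unexpected port is also refused, which is the conservative side to err on. The entry's mention of CSRF tokens is why an open redirect on an authenticated page is rated above a plain phishing aid: whatever the redirecting page puts in the outgoing URL or Referer travels to the attacker's host.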
2018-10-23 CVE-2018-13400 Improper Privilege Management vulnerability in Atlassian Jira and Jira Server
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to an administrator's session to reach those administrative resources without re-authenticating (passing "WebSudo"), through an improper access control vulnerability.
Attack vector: network. Complexity: low. Vendor: atlassian. CWE-269. Risk score: 6.5
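The entry above is about a step-up control: an administrator's session alone is not meant to reach administrative resources, the password has to be re-entered first ("WebSudo"), and "several" resources skipped that check. The following is an added example, not Jira's code and not a description of its WebSudo implementation: a step-up check written two ways, one that protects only resources registered on a list (so any admin resource left off the list is reachable with a copied session cookie) and one that protects the whole administrative prefix by default. The prefix, the resource names, the session fields and the timeout are assumptions made for the demo.

```python
import posixpath
import time
from dataclasses import dataclass

WEBSUDO_TTL_SECONDS = 10 * 60    # assumption: how long a password re-entry stays valid
ADMIN_PREFIX = "/secure/admin/"  # assumption: where administrative resources live


@dataclass
class Session:
    user: str
    is_admin: bool
    websudo_until: float = 0.0  # epoch seconds; 0 means the password was never re-entered


# Allow-list style: each protected resource has to be registered by hand. Two
# constructed names are listed; any admin resource that is not listed is the gap.
WEBSUDO_PROTECTED = {
    "/secure/admin/EditApplicationProperties.jspa",
    "/secure/admin/user/UserBrowser.jspa",
}


def grant_websudo(session: Session, now: float) -> None:
    """Called only after the user has re-entered the password."""
    session.websudo_until = now + WEBSUDO_TTL_SECONDS


def _normalize(path: str) -> str:
    # Collapse "." and ".." so /secure/admin/../admin/X cannot dodge a prefix check.
    return posixpath.normpath(path)


def authorize_vulnerable(path: str, session: Session, now: float) -> bool:
    """Admin check for the prefix, but step-up only for resources on the list."""
    path = _normalize(path)
    if path.startswith(ADMIN_PREFIX) and not session.is_admin:
        return False
    if path in WEBSUDO_PROTECTED:
        return session.websudo_until > now
    return True  # an unlisted admin resource: no step-up asked for


def authorize_hardened(path: str, session: Session, now: float) -> bool:
    """Deny by default: everything under the admin prefix needs a live step-up."""
    path = _normalize(path)
    if path.startswith(ADMIN_PREFIX):
        return session.is_admin and session.websudo_until > now
    return True


def stolen_session_outcome(path: str) -> tuple:
    """What an attacker holding a copied admin session (but not the password)
    gets from each check for the given path: (vulnerable, hardened)."""
    now = time.time()
    stolen = Session(user="admin", is_admin=True, websudo_until=0.0)
    return authorize_vulnerable(path, stolen, now), authorize_hardened(path, stolen, now)


if __name__ == "__main__":
    for p in ("/secure/admin/EditApplicationProperties.jspa",
              "/secure/admin/ViewLogging.jspa",
              "/secure/admin/../admin/ViewLogging.jspa",
              "/browse/PROJ-1"):
        print(p, "->", stolen_session_outcome(p))
```

The point of the hardened variant is that a developer adding a new administrative resource gets the step-up check without doing anything, which is the property that "several resources allow access without WebSudo" says the affected versions lacked. The timeout keeps the re-entered password from turning into a second long-lived session.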