Vulnerabilities > Atlassian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-18 | CVE-2018-20233 | XXE vulnerability in Atlassian Universal Plugin Manager The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | 5.5 |
2019-01-09 | CVE-2018-1000423 | Insufficiently Protected Credentials vulnerability in Atlassian Crowd2 An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | 2.1 |
2019-01-09 | CVE-2018-1000422 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crowd2 An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | 4.0 |
2019-01-09 | CVE-2018-1000419 | Unspecified vulnerability in Atlassian Hipchat An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | 6.5 |
2019-01-09 | CVE-2018-1000418 | Incorrect Authorization vulnerability in Atlassian Hipchat An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2018-11-05 | CVE-2018-13397 | Unspecified vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. | 9.0 |
2018-11-05 | CVE-2018-13396 | Unspecified vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. | 9.0 |
2018-10-23 | CVE-2018-13402 | Open Redirect vulnerability in Atlassian Jira and Jira Server Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | 5.8 |
2018-10-23 | CVE-2018-13401 | Open Redirect vulnerability in Atlassian Jira and Jira Server The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 5.8 |
2018-10-23 | CVE-2018-13400 | Improper Privilege Management vulnerability in Atlassian Jira and Jira Server Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 6.5 |