Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-43781 | Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. | 9.8 |
| 2022-11-17 | CVE-2022-43782 | Unspecified vulnerability in Atlassian Crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 | 9.8 |
| 2022-11-15 | CVE-2022-42977 | Path Traversal vulnerability in Atlassian Confluence Data Center The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. | 7.5 |
| 2022-11-15 | CVE-2022-42978 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. | 7.5 |
| 2022-10-14 | CVE-2022-36802 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Align The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. | 4.9 |
| 2022-10-14 | CVE-2022-36803 | Incorrect Default Permissions vulnerability in Atlassian Jira Align The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. | 8.8 |
| 2022-08-25 | CVE-2022-36804 | Unspecified vulnerability in Atlassian Bitbucket Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. | 8.8 |
| 2022-08-10 | CVE-2022-36801 | Cross-site Scripting vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. | 6.1 |
| 2022-08-03 | CVE-2022-36800 | Unspecified vulnerability in Atlassian Jira Service Management Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. | 4.3 |
| 2022-08-01 | CVE-2022-36799 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | 7.2 |