Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-10-16 CVE-2018-13399 Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Crucible and Fisheye
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
local
low complexity
atlassian CWE-732
4.6
2018-09-18 CVE-2018-13398 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible and Fisheye
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
2018-08-28 CVE-2018-13395 Cross-site Scripting vulnerability in Atlassian Jira and Jira Server
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.
network
atlassian CWE-79
4.3
2018-08-28 CVE-2018-13391 Information Exposure vulnerability in Atlassian Jira and Jira Server
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.
network
low complexity
atlassian CWE-200
5.0
2018-08-15 CVE-2018-13394 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions FOR Confluence
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
2018-08-15 CVE-2018-13393 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions FOR Confluence
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
2018-08-13 CVE-2018-13392 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
network
atlassian CWE-79
4.3
2018-08-10 CVE-2018-13390 Unspecified vulnerability in Atlassian Cloudtoken
Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
low complexity
atlassian
4.8
2018-07-24 CVE-2018-13386 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories.
network
atlassian CWE-88
6.8
2018-07-24 CVE-2018-13385 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories.
network
low complexity
atlassian CWE-88
7.5