Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2018-09-18 CVE-2018-13398 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Fisheye
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
6.5
2018-08-28 CVE-2018-13395 Cross-site Scripting vulnerability in Atlassian Jira
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-08-28 CVE-2018-13391 Information Exposure vulnerability in Atlassian Jira
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.
network
low complexity
atlassian CWE-200
5.3
5.3
2018-08-15 CVE-2018-13394 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
6.5
2018-08-15 CVE-2018-13393 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
6.5
2018-08-13 CVE-2018-13392 Cross-site Scripting vulnerability in Atlassian Fisheye
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-08-10 CVE-2018-13390 Unspecified vulnerability in Atlassian Cloudtoken
Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
low complexity
atlassian
6.1
6.1
2018-07-24 CVE-2018-13386 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories.
network
high complexity
atlassian CWE-88
8.1
8.1
2018-07-24 CVE-2018-13385 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories.
network
low complexity
atlassian CWE-88
critical
 9.8
9.8
2018-07-24 CVE-2017-18104 Information Exposure vulnerability in Atlassian Jira
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
network
high complexity
atlassian CWE-200
5.9
5.9