Atlassian vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK (attack vector, attack complexity, vendor, CWE, base score)
2018-01-31 CVE-2017-16858 Improper Authentication vulnerability in Atlassian Crowd
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature.
Risk: network vector, high complexity, vendor atlassian, CWE-287, score 6.8
2018-01-29 CVE-2017-9513 Missing Authorization vulnerability in Atlassian Activity Streams
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to (although they will not receive notifications for the issue), via missing permission checks.
Risk: network vector, low complexity, vendor atlassian, CWE-862, score 5.4
2018-01-26 CVE-2017-14593 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling.
Risk: network vector, low complexity, vendor atlassian, CWE-77, score 8.8
2018-01-26 CVE-2017-14592 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling.
Risk: network vector, low complexity, vendor atlassian, CWE-77, score 8.8
2018-01-18 CVE-2017-16863 Cross-site Scripting vulnerability in Atlassian Jira
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a project or filter.
Risk: network vector, low complexity, vendor atlassian, CWE-79, score 6.1
2018-01-18 CVE-2017-18033 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and to abort an executing external system import via various cross-site request forgery (CSRF) vulnerabilities.
Risk: network vector, low complexity, vendor atlassian, CWE-352, score 6.5
2018-01-17 CVE-2017-16865 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a server-side request forgery (SSRF) vulnerability.
Risk: network vector, high complexity, vendor atlassian, CWE-918, score 5.3
2018-01-12 CVE-2017-16864 Cross-site Scripting vulnerability in Atlassian Jira
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the orderby parameter.
Risk: network vector, low complexity, vendor atlassian, CWE-79, score 6.1
2018-01-12 CVE-2017-16862 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a cross-site request forgery (CSRF) vulnerability.
Risk: network vector, low complexity, vendor atlassian, CWE-352, score 4.3
2018-01-12 CVE-2017-14594 Cross-site Scripting vulnerability in Atlassian Jira
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12, and from version 7.3.0 before 7.6.1, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jqlQuery query parameter.
Risk: network vector, low complexity, vendor atlassian, CWE-79, score 6.1