Vulnerabilities > Atlassian

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-29	CVE-2017-9513	Missing Authorization vulnerability in Atlassian Activity Streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. network low complexity atlassian CWE-862	5.4
2018-01-26	CVE-2017-14593	Command Injection vulnerability in Atlassian Sourcetree Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. network low complexity atlassian CWE-77	8.8
2018-01-26	CVE-2017-14592	Command Injection vulnerability in Atlassian Sourcetree Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. network low complexity atlassian CWE-77	8.8
2018-01-18	CVE-2017-16863	Cross-site Scripting vulnerability in Atlassian Jira The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter. network low complexity atlassian CWE-79	6.1
2018-01-18	CVE-2017-18033	Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. network low complexity atlassian CWE-352	6.5
2018-01-17	CVE-2017-16865	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). network high complexity atlassian CWE-918	5.3
2018-01-12	CVE-2017-16864	Cross-site Scripting vulnerability in Atlassian Jira The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. network low complexity atlassian CWE-79	6.1
2018-01-12	CVE-2017-16862	Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. network low complexity atlassian CWE-352	4.3
2018-01-12	CVE-2017-14594	Cross-site Scripting vulnerability in Atlassian Jira The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. network low complexity atlassian CWE-79	6.1
2017-12-13	CVE-2017-14590	Unspecified vulnerability in Atlassian Bamboo Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. network low complexity atlassian critical	9.1

Vulnerabilities > Atlassian {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Atlassian"}]}

Vulnerabilities > Atlassian