Vulnerabilities > Atlassian

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-12	CVE-2017-14594	Cross-site Scripting vulnerability in Atlassian Jira and Jira Server The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. network atlassian CWE-79	4.3
2017-12-13	CVE-2017-14590	Unspecified vulnerability in Atlassian Bamboo Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. network low complexity atlassian critical	9.0
2017-12-13	CVE-2017-14589	Improper Input Validation vulnerability in Atlassian Bamboo It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. network atlassian CWE-20	6.8
2017-12-05	CVE-2017-16857	Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. network atlassian CWE-362	6.0
2017-12-05	CVE-2017-16856	Cross-site Scripting vulnerability in Atlassian Confluence The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. network atlassian CWE-79	4.3
2017-11-29	CVE-2017-14591	Argument Injection or Modification vulnerability in Atlassian Crucible and Fisheye Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. network atlassian CWE-88 critical	9.3
2017-11-27	CVE-2017-14586	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Atlassian Hipchat The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. network low complexity atlassian CWE-119	7.5
2017-11-27	CVE-2017-14585	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. network low complexity atlassian CWE-918 critical	9.0
2017-10-12	CVE-2017-9514	Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. network low complexity atlassian CWE-732	6.5
2017-10-11	CVE-2017-14588	Cross-site Scripting vulnerability in Atlassian Crucible Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. network atlassian CWE-79	4.3

Vulnerabilities > Atlassian {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Atlassian"}]}

Vulnerabilities > Atlassian