Vulnerabilities > Atlassian
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-18 | CVE-2017-18033 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira | The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | 6.5 |
2018-01-17 | CVE-2017-16865 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira | The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). | 5.3 |
2018-01-12 | CVE-2017-16864 | Cross-site Scripting vulnerability in Atlassian Jira | The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | 6.1 |
2018-01-12 | CVE-2017-16862 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira | The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
2018-01-12 | CVE-2017-14594 | Cross-site Scripting vulnerability in Atlassian Jira | The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | 6.1 |
2017-12-13 | CVE-2017-14590 | Unspecified vulnerability in Atlassian Bamboo | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. | 9.1 |
2017-12-13 | CVE-2017-14589 | Improper Input Validation vulnerability in Atlassian Bamboo | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. | 9.6 |
2017-12-05 | CVE-2017-16857 | Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin | It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. | 8.5 |
2017-12-05 | CVE-2017-16856 | Cross-site Scripting vulnerability in Atlassian Confluence | The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. | 6.1 |
2017-11-29 | CVE-2017-14591 | Argument Injection or Modification vulnerability in Atlassian Crucible | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. | 9.0 |