Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2017-10-11 CVE-2017-14587 Cross-site Scripting vulnerability in Atlassian Crucible
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
network
atlassian CWE-79
3.5
2017-10-03 CVE-2015-6576 Code Injection vulnerability in Atlassian Bamboo
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.
network
low complexity
atlassian CWE-94
6.5
2017-08-24 CVE-2017-9511 Path Traversal vulnerability in Atlassian Crucible
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
network
low complexity
atlassian CWE-22
5.0
2017-08-24 CVE-2017-9512 Information Exposure vulnerability in Atlassian Crucible
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
network
low complexity
atlassian CWE-200
5.0
2017-08-24 CVE-2017-9510 Cross-site Scripting vulnerability in Atlassian Fisheye
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
network
atlassian CWE-79
3.5
2017-08-24 CVE-2017-9509 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.
network
atlassian CWE-79
3.5
2017-08-24 CVE-2017-9508 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
network
atlassian CWE-79
3.5
2017-08-24 CVE-2017-9507 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
network
atlassian CWE-79
3.5
2017-08-23 CVE-2017-9506 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Oauth
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
network
atlassian CWE-918
4.3
2017-06-15 CVE-2017-9505 Incorrect Default Permissions vulnerability in Atlassian Confluence
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments.
network
low complexity
atlassian CWE-276
4.0