Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-14586 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Atlassian Hipchat The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. | 9.8 |
| 2017-11-27 | CVE-2017-14585 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | 7.2 |
| 2017-10-12 | CVE-2017-9514 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. | 8.8 |
| 2017-10-11 | CVE-2017-14588 | Cross-site Scripting vulnerability in Atlassian Fisheye Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | 6.1 |
| 2017-10-11 | CVE-2017-14587 | Cross-site Scripting vulnerability in Atlassian Fisheye The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. | 5.4 |
| 2017-10-03 | CVE-2015-6576 | Code Injection vulnerability in Atlassian Bamboo Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | 8.8 |
| 2017-08-24 | CVE-2017-9511 | Path Traversal vulnerability in Atlassian Crucible The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | 7.5 |
| 2017-08-24 | CVE-2017-9512 | Information Exposure vulnerability in Atlassian Crucible The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | 7.5 |
| 2017-08-24 | CVE-2017-9510 | Cross-site Scripting vulnerability in Atlassian Fisheye The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | 5.4 |
| 2017-08-24 | CVE-2017-9509 | Cross-site Scripting vulnerability in Atlassian Crucible The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | 5.4 |