Atlassian vulnerabilities

Each entry gives the publication date, CVE identifier, title and description, followed by the attack vector, attack complexity (where recorded), vendor, CWE weakness class, risk label (where recorded) and the numeric risk score (CVSS base score) as listed.
2017-06-14  CVE-2017-8907  Incorrect Authorization vulnerability in Atlassian Bamboo
  Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check whether a user creating a deployment project held the edit permission, and therefore the right to do so.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-863 | Score: 6.5
2017-05-05  CVE-2017-8080  Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian HipChat Server
  Atlassian HipChat Server before 2.2.4 allows remote authenticated users with user-level privileges to execute arbitrary code via vectors involving image uploads.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-434 | Score: 6.5
2017-05-05  CVE-2017-8058  Improper Certificate Validation vulnerability in Atlassian HipChat for iOS (3.16.1 and earlier)
  Acceptance of invalid or self-signed TLS certificates in Atlassian HipChat for iOS before 3.16.2 allows a man-in-the-middle or physically proximate attacker to silently intercept information sent during the login API call.
  Attack vector: network | Complexity: high | Vendor: atlassian | CWE-295 | Score: 5.9
2017-05-04  CVE-2017-8768  OS Command Injection vulnerability in Atlassian SourceTree
  Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. Because a custom URL scheme is invoked whenever a link using it is opened, a crafted link is enough to reach the vulnerable handler.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-78 | Risk: critical | Score: 10.0
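As an added illustration of the CWE-78 pattern this entry describes (not SourceTree's own code): a hypothetical handler for a custom URL scheme that splices the repository URL carried by the link into a shell command line, beside a hardened version that validates the URL and hands it to git as a single argv element with no shell involved. The sourcetree://cloneRepo/<repository-url> link layout, the function names and the two sample links are assumptions made for this example.

```python
"""Illustration of the CWE-78 pattern behind CVE-2017-8768 (added example).

The link layout sourcetree://cloneRepo/<repository-url>, the handler code and
the sample links are assumptions for this example; none of it is SourceTree's
implementation.
"""
from __future__ import annotations

import re
import shlex
from urllib.parse import unquote, urlsplit

# Constructed sample links (assumed layout).
BENIGN_URI = "sourcetree://cloneRepo/https://example.com/repo.git"
MALICIOUS_URI = "sourcetree://cloneRepo/https://example.com/repo.git;touch%20/tmp/pwn"

# Only real transport schemes; scp-style "user@host:path" shorthand is deliberately
# excluded because it has no scheme to check.
ALLOWED_REPO_SCHEMES = {"https", "ssh"}
# Conservative character set for a remote URL passed to git on the command line:
# no whitespace, quotes, or shell metacharacters such as ; | & $ ` ( ).
SAFE_REPO_RE = re.compile(r"^[A-Za-z0-9._~:/@\-]+$")


def repo_from_uri(uri: str) -> str:
    """Extract the repository URL from a cloneRepo link (assumed layout)."""
    parts = urlsplit(uri)
    if parts.scheme != "sourcetree" or parts.netloc != "cloneRepo":
        raise ValueError("not a sourcetree://cloneRepo link")
    return unquote(parts.path.lstrip("/"))


def vulnerable_command(uri: str) -> str:
    """The bug class: attacker-controlled text becomes part of a shell command line
    (the kind of string a handler would pass to subprocess with shell=True)."""
    return "git clone " + repo_from_uri(uri)


def shell_tokens(command: str) -> list[str]:
    """Tokenize as a POSIX shell would, keeping ';' as its own token, to show
    that the injected text is parsed as a second command."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def hardened_argv(uri: str) -> list[str]:
    """Validate the repository URL and return an argv list for subprocess.run
    (never shell=True). The '--' stops git from reading a URL that starts with
    '-' as an option, which closes the argument-injection variant as well."""
    repo = repo_from_uri(uri)
    if not SAFE_REPO_RE.fullmatch(repo):
        raise ValueError("repository URL contains characters outside the allowed set")
    scheme = urlsplit(repo).scheme
    if scheme not in ALLOWED_REPO_SCHEMES:
        raise ValueError(f"repository scheme {scheme!r} not allowed")
    return ["git", "clone", "--", repo]


if __name__ == "__main__":
    print("shell would see:", shell_tokens(vulnerable_command(MALICIOUS_URI)))
    print("hardened argv:  ", hardened_argv(BENIGN_URI))
    try:
        hardened_argv(MALICIOUS_URI)
    except ValueError as exc:
        print("hardened handler rejected the crafted link:", exc)
```

The hardened handler would then call subprocess.run(hardened_argv(uri), check=True); the allowlist on characters and schemes matters even without a shell, since git itself treats some URL forms and leading-dash arguments specially.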
2017-04-27  CVE-2017-7415  Information Exposure vulnerability in Atlassian Confluence Server
  Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-200 | Score: 5.0
2017-04-14  CVE-2017-7357  Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian HipChat Server
  HipChat Server before 2.2.3 allows remote authenticated users with Server Administrator privileges to execute arbitrary code by importing a file.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-434 | Score: 6.5
2017-04-10  CVE-2017-5983  Deserialization of Untrusted Data vulnerability in Atlassian Jira
  The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-502 | Score: 7.5
2017-04-10  CVE-2016-4320  Path Traversal vulnerability in Atlassian Bitbucket
  Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
  Attack vector: network | Complexity: low | Vendor: atlassian | CWE-22 | Score: 4.0
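The control whose absence is the CWE-22 pattern in CVE-2016-4320, as an added example that is not Bitbucket code: a containment check that canonicalises a user-supplied relative path and refuses anything resolving outside the served directory, covering plain "../" sequences, absolute paths and symlinks that point out of the tree. The directory layout is constructed in a temporary directory for the demonstration, and resolve_under, first_line, build_demo_tree and check_cases are names chosen here.

```python
"""Path containment check (added example, not Bitbucket's implementation).

The sample files are constructed in a temporary directory; the function names
are chosen for this illustration.
"""
from __future__ import annotations

import os
import tempfile


def resolve_under(base_dir: str, user_path: str) -> str:
    """Return the absolute path of user_path inside base_dir, or raise ValueError.

    realpath() collapses '..' segments and follows symlinks, so a symlink inside
    base_dir that points outside it is rejected as well as a plain '../' escape.
    commonpath() rather than startswith() stops '/srv/data-other' from passing
    as a child of '/srv/data'.
    """
    base = os.path.realpath(base_dir)
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not accepted")
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"{user_path!r} escapes the base directory")
    return target


def first_line(base_dir: str, user_path: str) -> str:
    """Read the first line of a file (the data the affected resource leaked),
    but only for paths contained in base_dir."""
    with open(resolve_under(base_dir, user_path), encoding="utf-8") as fh:
        return fh.readline().rstrip("\n")


def build_demo_tree() -> tuple[str, str]:
    """Constructed layout: <tmp>/repo/README.md inside the served directory,
    <tmp>/secret.txt outside it, and a symlink inside pointing at the secret."""
    root = tempfile.mkdtemp()
    served = os.path.join(root, "repo")
    os.mkdir(served)
    with open(os.path.join(served, "README.md"), "w", encoding="utf-8") as fh:
        fh.write("# demo repo\nsecond line\n")
    with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
        fh.write("top secret\n")
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(served, "link-out"))
    return root, served


def check_cases(served: str) -> dict[str, str]:
    """Run one benign request and four traversal attempts; rejected requests
    map to the string 'rejected'."""
    results: dict[str, str] = {}
    for user_path in (
        "README.md",
        "../secret.txt",
        "sub/../../secret.txt",
        "link-out",
        "/etc/hostname",
    ):
        try:
            results[user_path] = first_line(served, user_path)
        except ValueError:
            results[user_path] = "rejected"
    return results


if __name__ == "__main__":
    _, served_dir = build_demo_tree()
    for path, outcome in check_cases(served_dir).items():
        print(f"{path:24} -> {outcome}")
```

Canonicalising before the comparison is the whole point: checking the raw string for ".." misses encoded variants and symlinks, while checking the resolved path catches everything the filesystem would actually open.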
2017-04-10  CVE-2016-4319  Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
  Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
  Attack vector: network | Vendor: atlassian | CWE-352 | Score: 6.8
2017-04-10  CVE-2016-4318  Cross-site Scripting vulnerability in Atlassian Jira
  Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
  Attack vector: network | Vendor: atlassian | CWE-79 | Score: 3.5