Vulnerabilities > Atlassian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-05 | CVE-2017-8080 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | 8.8 |
| 2017-05-05 | CVE-2017-8058 | Improper Certificate Validation vulnerability in Atlassian Hipchat 3.16.1 Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 5.9 |
| 2017-05-04 | CVE-2017-8768 | OS Command Injection vulnerability in Atlassian Sourcetree Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. | 9.8 |
| 2017-04-27 | CVE-2017-7415 | Information Exposure vulnerability in Atlassian Confluence Server Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | 7.5 |
| 2017-04-14 | CVE-2017-7357 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server 2.2.0/2.2.1/2.2.2 Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | 9.1 |
| 2017-04-10 | CVE-2017-5983 | Deserialization of Untrusted Data vulnerability in Atlassian Jira The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | 9.8 |
| 2017-04-10 | CVE-2016-4320 | Path Traversal vulnerability in Atlassian Bitbucket Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | 4.3 |
| 2017-04-10 | CVE-2016-4319 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | 8.8 |
| 2017-04-10 | CVE-2016-4318 | Cross-site Scripting vulnerability in Atlassian Jira Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | 4.8 |
| 2017-04-10 | CVE-2016-4317 | Cross-site Scripting vulnerability in Atlassian Confluence Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | 5.4 |