Vulnerabilities > Atlassian

DATE CVE VULNERABILITY TITLE RISK
2016-02-08 CVE-2014-9757 Improper Input Validation vulnerability in Atlassian Bamboo
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
network
low complexity
atlassian CWE-20
7.5
2016-01-08 CVE-2015-8481 Information Exposure vulnerability in Atlassian Jira Core, Jira Server and Jira Service Desk
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
network
atlassian CWE-200
3.5
2015-09-21 CVE-2015-5603 Code Injection vulnerability in Atlassian Hipchat
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
network
low complexity
atlassian CWE-94
6.5
2014-05-13 CVE-2012-6342 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Confluence Server 3.4.6
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that log out the user via a comment.
network
atlassian CWE-352
6.8
2014-03-09 CVE-2014-2314 Path Traversal vulnerability in Atlassian Jira
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
4.3
2014-03-09 CVE-2014-2313 Path Traversal vulnerability in Atlassian Jira
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
4.3
2013-08-20 CVE-2013-5319 Cross-Site Scripting vulnerability in Atlassian Jira
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
network
atlassian CWE-79
4.3
2012-05-22 CVE-2012-2928 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
network
low complexity
atlassian gliffy CWE-264
6.4
2012-05-22 CVE-2012-2927 Resource Management Errors vulnerability in TM Software Tempo, Tempo6.3.0 and Tempo6.3.2
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
network
low complexity
tm-software atlassian CWE-399
4.0
2012-05-22 CVE-2012-2926 Unspecified vulnerability in Atlassian products
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
network
low complexity
atlassian
6.4