Vulnerabilities > Atlassian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |
| 2023-12-06 | CVE-2023-22524 | Unspecified vulnerability in Atlassian Companion Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. | 9.8 |
| 2023-10-31 | CVE-2023-22518 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | 9.8 |
| 2023-10-04 | CVE-2023-22515 | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |
| 2023-02-01 | CVE-2023-22501 | Improper Authentication vulnerability in Atlassian Jira Service Management An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. | 9.1 |
| 2022-11-17 | CVE-2022-43782 | Unspecified vulnerability in Atlassian Crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 | 9.8 |
| 2022-11-17 | CVE-2022-43781 | Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. | 9.8 |
| 2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |
| 2022-04-20 | CVE-2022-0540 | Unspecified vulnerability in Atlassian Jira Data Center and Jira Service Management A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. | 9.8 |
| 2022-01-06 | CVE-2021-43947 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. | 9.0 |