Vulnerabilities > Atlassian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2019-3396 Path Traversal vulnerability in Atlassian Confluence
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
network
low complexity
atlassian CWE-22
critical
 10.0
10
2019-03-08 CVE-2018-20236 Command Injection vulnerability in Atlassian Sourcetree
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling.
network
atlassian CWE-77
critical
 9.3
9.3
2019-03-08 CVE-2018-20235 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories.
network
low complexity
atlassian
critical
 9.0
9.0
2019-03-08 CVE-2018-20234 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories.
network
low complexity
atlassian CWE-88
critical
 9.0
9.0
2018-11-05 CVE-2018-13397 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories.
network
low complexity
atlassian
critical
 9.0
9.0
2018-11-05 CVE-2018-13396 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories.
network
low complexity
atlassian
critical
 9.0
9.0
2018-03-29 CVE-2018-5224 Improper Input Validation vulnerability in Atlassian Bamboo
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian microsoft CWE-20
critical
 9.0
9.0
2018-01-26 CVE-2017-14593 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
critical
 9.0
9.0
2018-01-26 CVE-2017-14592 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
critical
 9.0
9.0
2017-12-13 CVE-2017-14590 Unspecified vulnerability in Atlassian Bamboo
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters.
network
low complexity
atlassian
critical
 9.0
9.0