Vulnerabilities > Atlassian > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
2018-01-26 | CVE-2017-14593 | Command Injection vulnerability in Atlassian Sourcetree | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. | 8.8 |
2018-01-26 | CVE-2017-14592 | Command Injection vulnerability in Atlassian Sourcetree | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. | 8.8 |
2017-12-05 | CVE-2017-16857 | Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin | It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. | 8.5 |
2017-11-27 | CVE-2017-14585 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | 7.2 |
2017-10-12 | CVE-2017-9514 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. | 8.8 |
2017-10-03 | CVE-2015-6576 | Code Injection vulnerability in Atlassian Bamboo | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | 8.8 |
2017-08-24 | CVE-2017-9511 | Path Traversal vulnerability in Atlassian Crucible | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | 7.5 |
2017-08-24 | CVE-2017-9512 | Information Exposure vulnerability in Atlassian Crucible | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | 7.5 |
2017-06-14 | CVE-2017-8907 | Incorrect Authorization vulnerability in Atlassian Bamboo | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. | 8.8 |