Vulnerabilities > Atlassian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-29 CVE-2018-5224 Improper Input Validation vulnerability in Atlassian Bamboo
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
8.8
2018-03-29 CVE-2018-5223 Improper Input Validation vulnerability in Atlassian Crucible and Fisheye
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
7.2
2018-02-15 CVE-2017-18087 Unspecified vulnerability in Atlassian Bitbucket
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk, potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or determine if an internal service exists, via an argument injection vulnerability in the at parameter.
network
high complexity
atlassian
7.5
2018-02-02 CVE-2017-18080 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
2018-02-02 CVE-2017-18042 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
2018-01-26 CVE-2017-14593 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
8.8
2018-01-26 CVE-2017-14592 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
8.8
2017-12-05 CVE-2017-16857 Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin
It is possible to bypass the Bitbucket auto-unapprove plugin via minimal brute-force because it relies on asynchronous events on the back-end.
network
high complexity
atlassian CWE-362
8.5
2017-11-27 CVE-2017-14585 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.
network
low complexity
atlassian CWE-918
7.2
2017-10-12 CVE-2017-9514 Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded.
network
low complexity
atlassian CWE-732
8.8