Vulnerabilities > Atlassian > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-24 CVE-2017-9511 Path Traversal vulnerability in Atlassian Crucible
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
network
low complexity
atlassian CWE-22
7.5
7.5
2017-08-24 CVE-2017-9512 Information Exposure vulnerability in Atlassian Crucible
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
network
low complexity
atlassian CWE-200
7.5
7.5
2017-06-14 CVE-2017-8907 Incorrect Authorization vulnerability in Atlassian Bamboo
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so.
network
low complexity
atlassian CWE-863
8.8
8.8
2017-05-05 CVE-2017-8080 Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Hipchat Server
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
network
low complexity
atlassian CWE-434
8.8
8.8
2017-04-27 CVE-2017-7415 Information Exposure vulnerability in Atlassian Confluence Server
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
network
low complexity
atlassian CWE-200
7.5
7.5
2017-04-10 CVE-2016-4319 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
network
low complexity
atlassian CWE-352
8.8
8.8
2017-01-23 CVE-2016-6668 Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
network
low complexity
atlassian CWE-200
7.5
7.5