Vulnerabilities > Atlassian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-22 | CVE-2021-26070 | Improper Authentication vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. | 7.2 |
| 2021-02-22 | CVE-2021-26068 | Injection vulnerability in Atlassian Jira Server for Slack An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 8.8 |
| 2021-02-19 | CVE-2020-12873 | Injection vulnerability in Atlassian Alfresco Enterprise Content Management An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. | 8.8 |
| 2021-02-18 | CVE-2020-36233 | Incorrect Default Permissions vulnerability in Atlassian Bitbucket The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 7.8 |
| 2020-11-25 | CVE-2020-14190 | Resource Exhaustion vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 7.5 |
| 2020-11-25 | CVE-2020-14191 | Unspecified vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 7.5 |
| 2020-10-01 | CVE-2019-20902 | Unspecified vulnerability in Atlassian Crowd Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. | 7.5 |
| 2020-09-01 | CVE-2020-14178 | Unspecified vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. | 7.5 |
| 2020-07-13 | CVE-2019-20898 | Unspecified vulnerability in Atlassian Jira Software Data Center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. | 7.5 |
| 2020-07-03 | CVE-2019-20419 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. | 7.8 |