Vulnerabilities > Atlassian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-01 | CVE-2020-4019 | Untrusted Search Path vulnerability in Atlassian Companion. The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via an untrusted search path vulnerability. | 7.8 |
2020-06-01 | CVE-2020-4018 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible. The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | 8.8 |
2020-02-06 | CVE-2019-20406 | Uncontrolled Search Path Element vulnerability in Atlassian Confluence. The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1, allows local system attackers who have permission to write a DLL file in a directory in the global path environment variable to inject code and escalate their privileges via a DLL hijacking vulnerability. | 7.8 |
2020-02-06 | CVE-2019-20400 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Server. The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability. | 7.8 |
2020-02-06 | CVE-2019-20104 | XML Entity Expansion vulnerability in Atlassian Crowd. The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1, allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. | 7.5 |
2020-01-15 | CVE-2019-20097 | Unspecified vulnerability in Atlassian Bitbucket. Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. | 8.8 |
2020-01-15 | CVE-2019-15012 | Improper Privilege Management vulnerability in Atlassian Bitbucket. Bitbucket Server and Bitbucket Data Center from version 4.13. | 8.8 |
2020-01-15 | CVE-2019-15010 | Command Injection vulnerability in Atlassian Bitbucket. Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. | 8.8 |
2019-12-13 | CVE-2019-13347 | Unspecified vulnerability in Atlassian Saml Single Sign on. An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products, affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. | 7.5 |
2019-11-07 | CVE-2019-15004 | Path Traversal vulnerability in Atlassian Jira Service Desk. The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. | 7.5 |