Vulnerabilities > Atlassian > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-16 CVE-2018-13399 Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Fisheye
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
local
low complexity
atlassian CWE-732
7.8
2018-07-24 CVE-2018-13386 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories.
network
high complexity
atlassian CWE-88
8.1
2018-07-09 CVE-2018-1000617 Improper Input Validation vulnerability in Atlassian Floodlight Controller
Atlassian Floodlight Controller version 1.2 and earlier contains a Denial of Service vulnerability in the Forwarding module: an improper type cast in the Forwarding module allows remote attackers to cause a DoS (thread crash).
network
low complexity
atlassian CWE-20
7.5
2018-05-16 CVE-2018-5231 Unspecified vulnerability in Atlassian Jira
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.
network
low complexity
atlassian
7.5
2018-04-25 CVE-2018-5226 Unspecified vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via the name of a Mercurial repository tag that is going to be deleted.
network
low complexity
atlassian
8.8
2018-04-04 CVE-2017-18096 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Application Links
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location.
network
low complexity
atlassian CWE-918
7.2
2018-03-29 CVE-2018-5224 Improper Input Validation vulnerability in Atlassian Bamboo
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
8.8
2018-03-29 CVE-2018-5223 Improper Input Validation vulnerability in Atlassian Crucible and Fisheye
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
7.2
2018-02-15 CVE-2017-18087 Unspecified vulnerability in Atlassian Bitbucket
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk, potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or determine if an internal service exists, via an argument injection vulnerability in the at parameter.
network
high complexity
atlassian
7.5
2018-02-02 CVE-2017-18080 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8