Vulnerabilities > Atlassian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-29 CVE-2019-20410 Unspecified vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature.
network
low complexity
atlassian
6.5
2020-06-23 CVE-2020-4028 Information Exposure Through Discrepancy vulnerability in Atlassian Jira
In versions before 8.9.1, various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page; in some situations this may have allowed unauthorised attackers to determine whether certain resources exist through an information disclosure vulnerability.
network
low complexity
atlassian CWE-203
5.3
2020-06-03 CVE-2020-4026 Incorrect Authorization vulnerability in Atlassian Navigator Links 4.0.0/5.0.0/5.1.0
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
network
low complexity
atlassian CWE-863
4.3
2020-06-01 CVE-2020-4023 Cross-site Scripting vulnerability in Atlassian Crucible
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the committerFilter parameter.
network
low complexity
atlassian CWE-79
5.4
2020-06-01 CVE-2020-4021 Cross-site Scripting vulnerability in Atlassian products
Atlassian Jira Server and Data Center before version 8.5.5, and from version 8.6.0 before 8.8.1, allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the XML export view.
network
low complexity
atlassian CWE-79
5.4
2020-06-01 CVE-2020-4017 Unspecified vulnerability in Atlassian Crucible
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.
network
low complexity
atlassian
5.3
2020-06-01 CVE-2020-4016 Unspecified vulnerability in Atlassian Crucible
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
network
low complexity
atlassian
5.3
2020-06-01 CVE-2020-4015 Unspecified vulnerability in Atlassian Crucible
The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability.
network
low complexity
atlassian
4.3
2020-06-01 CVE-2020-4014 Unspecified vulnerability in Atlassian Crucible
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
network
low complexity
atlassian
4.3
2020-06-01 CVE-2020-4013 Cross-site Scripting vulnerability in Atlassian Crucible
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the review objectives.
network
low complexity
atlassian CWE-79
5.4