Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2010-1165
Atlassian JIRA 3.12 up to and including 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Atlassian Jira 3.12
Atlassian Jira 3.13.3
Atlassian Jira 3.13.1
Atlassian Jira 3.13.2
Atlassian Jira 4.1
Atlassian Jira 3.12.3
Atlassian Jira 3.13
Atlassian Jira 4.0.1
Atlassian Jira 4.0.2
Atlassian Jira 3.13.4
Atlassian Jira 3.12.1
Atlassian Jira 3.12.2
Atlassian Jira 3.13.5
Atlassian Jira 4.0
NA
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in au...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket 8.1.0
Atlassian Crowd
Atlassian Crowd 5.0.0
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Service Management
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Jira Service Desk
1 Article
NA
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with t...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket 8.1.0
Atlassian Crowd
Atlassian Crowd 5.0.0
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Service Management
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Jira Service Desk
1 Article
5.8
CVSSv2
CVE-2013-3925
Atlassian Crowd 2.5.x prior to 2.5.4, 2.6.x prior to 2.6.3, 2.3.8, and 2.4.9 allows remote malicious users to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity decla...
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.3
Atlassian Crowd 2.5.0
Atlassian Crowd 2.6.0
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.3.8
1 Article
3.5
CVSSv2
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 prior to 5.2.10, from version 5.3.0 prior to 5.3.6, from version 5.4.0 prior to 5.4.12, and from version 6.0.0 prior to 6.0.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scriptin...
Atlassian Application Links
Atlassian Fisheye
Atlassian Crucible
Atlassian Jira Server
Atlassian Jira Data Center
Atlassian Confluence Data Center
Atlassian Confluence Server
Atlassian Crowd
6.5
CVSSv2
CVE-2017-9514
Bamboo prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java ...
Atlassian Bamboo 6.0.4
Atlassian Bamboo 6.2.0
Atlassian Bamboo 6.1.0
Atlassian Bamboo 6.1.1
Atlassian Bamboo 6.0.1
Atlassian Bamboo 6.0.3
Atlassian Bamboo 6.0.0
Atlassian Bamboo 6.0.2
4
CVSSv2
CVE-2017-18037
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 prior to 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 prior to 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 prior to 5.1.8 (the fixed version for 5.1.x), from version 5....
Atlassian Bitbucket
Atlassian Bitbucket 5.5.2
Atlassian Bitbucket 5.5.3
Atlassian Bitbucket 5.5.4
Atlassian Bitbucket 5.5.5
Atlassian Bitbucket 5.5.0
Atlassian Bitbucket 5.5.6
4.3
CVSSv2
CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA prior to 6.0.5 allows remote malicious users to create arbitrary files via unspecified vectors.
Atlassian Jira
Atlassian Jira 6.0.3
Atlassian Jira 6.0.1
Atlassian Jira 6.0.2
Atlassian Jira 6.0
4.3
CVSSv2
CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA prior to 6.0.5 allows remote malicious users to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
Atlassian Jira 6.0.2
Atlassian Jira
Atlassian Jira 6.0
Atlassian Jira 6.0.1
Atlassian Jira 6.0.3
9.3
CVSSv2
CVE-2017-14591
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing malicious users to execute arbitrary code on a system running the impacted software.
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
Atlassian Fisheye 4.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »