Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-22508
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated malicious user to execute...
Atlassian Confluence Data Center
Atlassian Confluence Server
1 Github repository
8.8
CVSSv3
CVE-2023-22505
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated malicious user to execute a...
Atlassian Confluence Data Center
Atlassian Confluence Server
8.8
CVSSv3
CVE-2023-30607
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is ...
Icinga Icinga Web Jira Integration
5.4
CVSSv3
CVE-2023-36662
The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 up to and including 2.17.1, User Management for Confluence 2.0.0 up to and including 2.15.24, and User Management for Bitbuck...
Techtime User Management
6.5
CVSSv3
CVE-2023-22504
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
Atlassian Confluence Server
5.3
CVSSv3
CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote malicious users to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerabil...
Atlassian Confluence Data Center
Atlassian Confluence Server
9.1
CVSSv3
CVE-2023-22501
An authentication vulnerability exists in Jira Service Management Server and Data Center which allows an malicious user to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgo...
Atlassian Jira Service Management
Atlassian Jira Service Management 5.5.0
1 Github repository
9.8
CVSSv3
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbu...
Atlassian Bitbucket
9.8
CVSSv3
CVE-2022-43782
Affected versions of Atlassian Crowd allow an malicious user to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be explo...
Atlassian Crowd
7.5
CVSSv3
CVE-2022-42977
The Netic User Export add-on prior to 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be ...
Atlassian Confluence Data Center
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »