Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-9512
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Atlassian Fisheye
Atlassian Crucible
7.5
CVSSv3
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
Atlassian Crucible
Atlassian Fisheye
7.5
CVSSv3
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Atlassian Fisheye
Atlassian Crucible
6.5
CVSSv3
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 prior to 4.4.3 and before version 4.5.0 allows remote malicious users to read files contained within context path of the running application through a path traversal vulnerab...
Atlassian Crucible
Atlassian Fisheye
9.8
CVSSv3
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible
6.1
CVSSv3
CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Atlassian Crucible
Atlassian Fisheye
9.1
CVSSv3
CVE-2012-2926
Atlassian JIRA prior to 5.0.1; Confluence prior to 3.5.16, 4.0 prior to 4.0.7, and 4.1 prior to 4.1.10; FishEye and Crucible prior to 2.5.8, 2.6 prior to 2.6.8, and 2.7 prior to 2.7.12; Bamboo prior to 3.3.4 and 3.4.x prior to 3.4.5; and Crowd prior to 2.0.9, 2.1 prior to 2.1.2, ...
Atlassian Bamboo
Atlassian Confluence
Atlassian Confluence Server
Atlassian Crowd
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira
1 EDB exploit
4.3
CVSSv3
CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration infor...
Atlassian Troubleshooting And Support
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Confluence
Atlassian Crowd
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira
5.4
CVSSv3
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 prior to 5.2.10, from version 5.3.0 prior to 5.3.6, from version 5.4.0 prior to 5.4.12, and from version 6.0.0 prior to 6.0.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scriptin...
Atlassian Application Links
Atlassian Fisheye
Atlassian Crucible
Atlassian Jira Server
Atlassian Jira Data Center
Atlassian Confluence Data Center
Atlassian Confluence Server
Atlassian Crowd
9.8
CVSSv3
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in au...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket 8.1.0
Atlassian Crowd
Atlassian Crowd 5.0.0
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Service Management
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Jira Service Desk
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »