Atlassian

468 tracked vulnerabilities.

CVE-2019-15006 MEDIUM
Confluence 6.11.0-6.13.9 and 6.14.0-6.15.9 - Man-in-the-Middle via Companion App Communication
Dec 19, 2019
CVSS 6.5
EPSS 0.08
CVE-2019-15013 MEDIUM
Jira < 7.13.12, 8.0.0-8.4.3, 8.5.0-8.5.2 - Authenticated Missing Authorization in WorkflowResource
Dec 18, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-15011 MEDIUM
Atlassian Application Links < 5.0.12, 5.1.0-5.2.11, 5.3.0-5.3.7, 5.4.0-5.4.13, 6.0.0-6.0.5 - Information Disclosure
Dec 17, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-13347 HIGH
Atlassian SAML Single Sign On 2.4.0-3.0.3, 3.1.0-3.2.2 - Unauthenticated Account Reactivation via SAML Attribute Update
Dec 13, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-15009 MEDIUM
Atlassian Fisheye/Crucible < 4.8.0 - Auth Bypass
Dec 11, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-15008 MEDIUM
Atlassian Crucible and Fisheye < 4.7.3 - Cross-Site Scripting via Reviewed Branch Parameter
Dec 11, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-15007 MEDIUM
Atlassian Crucible and Fisheye < 4.7.3 - Stored Cross-Site Scripting via Missing Branch Name
Dec 11, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-15005 MEDIUM
Atlassian Troubleshooting and Support Tools < 1.17.2 - Unauthenticated Missing Authorization
Nov 08, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-15004 HIGH
Atlassian Jira Service Desk Path Traversal via Customer Context Filter
Nov 07, 2019
CVSS 7.5
EPSS 0.04
CVE-2019-15003 MEDIUM
Atlassian Jira Service Desk < 3.9.17 - Path Traversal
Nov 07, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-15001 HIGH
Atlassian Jira Server/Data Center RCE via Template Injection (7.0.10-8.4.0)
Sep 19, 2019
CVSS 7.2
EPSS 0.12
CVE-2019-15000 CRITICAL
Bitbucket OS Command Injection via Commit Diff Rest Endpoint
Sep 19, 2019
CVSS 9.8
EPSS 0.11
CVE-2019-14994 HIGH
Atlassian Jira Service Desk Path Traversal via Customer Context Filter
Sep 19, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-8451 MEDIUM NUCLEI
Jira Server 7.6.0-8.3.9 - Server-Side Request Forgery via Gadgets MakeRequest Endpoint
Sep 11, 2019
CVSS 6.5
EPSS 0.93
CVE-2019-8450 MEDIUM
Jira Server 7.13.0-7.13.5 and 8.0.0-8.3.9 - Authenticated Stored Cross-Site Scripting via Custom Field Name
Sep 11, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-8449 MEDIUM NUCLEI
Jira < 8.4.0 - Information Disclosure via Group User Picker Endpoint
Sep 11, 2019
CVSS 5.3
EPSS 0.71
CVE-2019-14998 MEDIUM
Jira Server 7.4.0-8.3.9 - Cross-Site Request Forgery Protection Bypass via Cookie Tossing
Sep 11, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-14997 MEDIUM
Jira Server 7.13.0-8.3.9 - Unauthenticated Information Exposure via AccessLogFilter Caching
Sep 11, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-14996 MEDIUM
Jira Server 7.12.0-7.13.6 & 8.0.0-8.3.2 - Stored XSS via FilterPickerPopup.jspa
Sep 11, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-14995 MEDIUM
Jira Server 7.6.0-8.3.9 - Unauthenticated Information Disclosure via Attachment Existence Check
Sep 11, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-3394 HIGH
Confluence 6.1.0-6.6.15, 6.7.0-6.13.6, 6.14.0-6.15.7 - Authenticated Local File Disclosure via Page Export
Aug 29, 2019
CVSS 8.8
EPSS 0.76
CVE-2019-8447 MEDIUM
Jira Server 7.13.0-8.3.1 - Cross-Site Request Forgery via ServiceExecutor Resource
Aug 23, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-8446 MEDIUM NUCLEI
Jira Server 7.6-8.3.1 - Unauthenticated Username Enumeration via Issue Navigation Endpoint
Aug 23, 2019
CVSS 5.3
EPSS 0.73
CVE-2019-8445 MEDIUM
Jira Server 7.13.0-7.13.6 and 8.0.0-8.3.1 - Unauthenticated Worklog Information Disclosure via Missing Authorization
Aug 23, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-8444 MEDIUM
Jira Server 7.7-7.13.5 and 8.0.0-8.3.1 - Cross-Site Scripting in Wikirenderer Image Attribute
Aug 23, 2019
CVSS 5.4
EPSS 0.00