atlassian
468 tracked vulnerabilities.
CVE-2017-18107
MEDIUM
Atlassian Crowd < 3.1.1 - Cross-Site Request Forgery in Demo Application
Dec 17, 2019
CVSS 6.5
EPSS 0.00
CVE-2017-18111
HIGH
Atlassian Application Links <5.0.10, 5.1.0-5.1.3, 5.2.0-5.2.6 - XML External Entity Injection via OAuthHelper
Mar 29, 2019
CVSS 8.7
EPSS 0.00
CVE-2017-18110
MEDIUM
Atlassian Crowd < 3.0.2 and 3.1.0 - XML External Entity Injection via Backup Restore
Mar 29, 2019
CVSS 6.5
EPSS 0.00
CVE-2017-18109
MEDIUM
Atlassian Crowd < 3.0.2 and 3.1.0 < 3.1.1 - Open Redirect via Login Resource
Mar 29, 2019
CVSS 6.1
EPSS 0.00
CVE-2017-18108
HIGH
Atlassian Crowd < 2.10.2 - Authenticated Remote Code Execution via JNDI Injection
Mar 29, 2019
CVSS 7.2
EPSS 0.02
CVE-2017-18106
HIGH
Atlassian Crowd < 2.9.1 - Authenticated Session Hijacking via Identifier Hash Collision
Mar 29, 2019
CVSS 7.5
EPSS 0.01
CVE-2017-18105
HIGH
Atlassian Crowd <3.0.2, >3.1.0-<3.1.1 - Session Fixation
Mar 29, 2019
CVSS 8.1
EPSS 0.01
CVE-2017-18104
MEDIUM
Atlassian Jira <7.6.7 and 7.7.0-7.11.0 - Exposure of Sensitive Information via Webhooks
Jul 24, 2018
CVSS 5.9
EPSS 0.00
CVE-2017-18103
MEDIUM
atlassian-http < 2.0.2 - Content Spoofing via application/mathml+xml Upload
Jul 18, 2018
CVSS 4.7
EPSS 0.00
CVE-2017-16859
MEDIUM
Atlassian Crucible and Fisheye < 4.3.2, 4.4.0-4.4.3 - Path Traversal via Review Attachment Command Parameter
Jun 28, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-16860
MEDIUM
Atlassian Application Links <5.2.7, <5.3.0-<5.3.4, <5.4.0-<5.4.3 - XSS
May 14, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-18102
MEDIUM
Jira Server 7.5.0-7.6.8 - Cross-Site Scripting in Wiki Markup Component
Apr 17, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-18101
MEDIUM
Atlassian JIRA <7.6.5, 7.7.0-7.7.3, 7.8.0-7.8.3 - Unauthenticated Import Execution
Apr 10, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-18100
MEDIUM
Jira < 7.8.1 - Stored Cross-Site Scripting via Quick Filter Name
Apr 10, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-18098
MEDIUM
Atlassian Jira < 7.6.1 - Cross-Site Scripting via Search Request XML Resource
Apr 06, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-18097
MEDIUM
Atlassian Jira < 7.6.1 - Stored Cross-Site Scripting via Trello Card Title Import
Apr 06, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-18096
HIGH
Atlassian Application Links <5.2.7, 5.3.0-5.3.4, 5.4.0-5.4.3 - Server-Side Request Forgery
Apr 04, 2018
CVSS 7.2
EPSS 0.00
CVE-2017-18094
MEDIUM
Atlassian Fisheye and Crucible < 4.4.3 - Authenticated Stored Cross-Site Scripting via Repository Base Path
Mar 22, 2018
CVSS 4.8
EPSS 0.00
CVE-2017-18095
MEDIUM
Atlassian Crucible < 4.5.1 - Unauthenticated Improper Authorization in SnippetRPCServiceImpl
Feb 19, 2018
CVSS 5.3
EPSS 0.00
CVE-2017-18093
MEDIUM
Atlassian Fisheye and Crucible 4.4.0-4.4.2 - Cross-Site Scripting via Repository Location Setting
Feb 19, 2018
CVSS 4.8
EPSS 0.00
CVE-2017-18092
MEDIUM
Atlassian Crucible < 4.4.3 - Cross-Site Scripting via Print Snippet Comment
Feb 19, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-18091
MEDIUM
Atlassian Fisheye and Crucible 4.4.0-4.4.2 - Authenticated Stored Cross-Site Scripting via Backup Filename
Feb 16, 2018
CVSS 4.8
EPSS 0.00
CVE-2017-18090
MEDIUM
Atlassian Fisheye < 4.5.1 and < 4.6.0 - Stored Cross-Site Scripting via Commit Author Name
Feb 16, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-18089
MEDIUM
Atlassian Crucible 4.4.0-4.4.2 - Stored Cross-Site Scripting via Invited Reviewers
Feb 16, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-18088
MEDIUM
Atlassian Bitbucket 5.3.0-5.3.6 5.4.0-5.4.5 5.5.0-5.5.5 5.6.0-5.6.2 5.7.0 - Clickjacking via Plugin Servlet Resources
Feb 15, 2018
CVSS 4.3
EPSS 0.00
Products
jira 142
jira_server 135
jira_data_center 79
crucible 52
fisheye 52
confluence_server 49
jira_software_data_center 39
data_center 38
confluence_data_center 36
bamboo 24
crowd 24
bitbucket 20
confluence 19
jira_service_management 16
sourcetree 15
jira_align 13
jira_service_desk 12
application_links 7
Atlassian Fisheye and Crucible 5
hipchat 5
agiloft 4
floodlight 4
Bamboo 3
bitbucket_data_center 3
companion 3
hipchat_server 3
questions_for_confluence 3
universal_plugin_manager 3
Atlassian Crucible 2
Bamboo Data Center 2
Quick Filters