Latest atlassian fisheye Vulnerabilities

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disc...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the f...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network ...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. T...
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected vers...
Atlassian Crucible<4.8.5
Atlassian FishEye<4.8.5
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassia...
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are be...
Atlassian FishEye<4.8.3
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability throug...
Atlassian Crucible<4.8.2
Atlassian FishEye<4.8.2
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the rev...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authoriz...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configure...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner...
Atlassian Crucible<4.7.3
Atlassian FishEye<4.7.3
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the nam...
Atlassian Crucible<4.7.3
Atlassian FishEye<4.7.3
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper aut...
Atlassian Crucible<4.8.0
Atlassian FishEye<4.8.0
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to ...
Atlassian Troubleshooting and Support<1.17.2
Atlassian Bamboo<6.10.2
Atlassian Bitbucket<6.6.0
Atlassian Confluence<7.0.1
Atlassian Crowd<3.6.0
Atlassian Crucible<4.7.2
and 2 more
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links<5.0.11
Atlassian Application Links>=5.1.0<5.2.10
Atlassian Application Links>=5.3.0<5.3.6
Atlassian Application Links>=5.4.0<5.4.12
Atlassian Application Links>=6.0.0<6.0.4
Atlassian Confluence Data Center<6.15.2
and 8 more
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabi...
Atlassian Crucible<4.7.0
Atlassian FishEye<4.7.0
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili...
Atlassian Crucible<4.7.0
Atlassian FishEye<4.7.0
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
Atlassian Crucible<4.6.1
Atlassian FishEye<4.6.1
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnera...
Atlassian Crucible<4.5.4
Atlassian FishEye<4.5.4
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue ke...
Atlassian Crucible<4.6.0
Atlassian FishEye<4.6.0

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203