Latest Atlassian Vulnerabilities

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, al...
Atlassian Confluence Data Center>=7.19.0<7.19.17
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.17
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8....
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 ...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server
Atlassian Confluence Data Center>=8.0.0<8.5.4
Atlassian Confluence Data Center>=8.7.0<8.7.1
Atlassian Confluence Server>=8.0.0<8.5.4
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
and 2 more
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Asset...
>=1.0.0<3.2.0
>=1.0.0<=3.1.11
>=6.0.0<6.2.0
>=1.0.0<=3.1.11
>=6.0.0<6.2.0
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and Mac...
Atlassian Companion>=1.0.0<2.0.0
Apple macOS
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
Atlassian Confluence Data Center>=4.0<7.19.17
Atlassian Confluence Data Center>=8.0.0<8.4.5
Atlassian Confluence Data Center>=8.5.0<8.5.4
Atlassian Confluence Data Center>=8.6.0<8.6.2
Atlassian Confluence Data Center=8.7.0
Atlassian Confluence Server>=4.0<7.19.17
and 2 more
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Executio...
Atlassian Bamboo>=8.1.0<9.2.7
Atlassian Bamboo>=9.3.0<9.3.4
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8....
Atlassian Crowd>=3.4.0<5.1.6
Atlassian Crowd=5.2.0
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center>=1.0.0<7.19.16
Atlassian Confluence Data Center>=7.20.0<8.3.4
Atlassian Confluence Data Center>=8.4.0<8.4.4
Atlassian Confluence Data Center>=8.5.0<8.5.3
Atlassian Confluence Data Center=8.6.0
Atlassian Confluence Server>=1.0.0<7.19.16
and 5 more
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center>=8.0.0<8.3.3
Atlassian Confluence Data Center>=8.4.0<8.4.3
Atlassian Confluence Data Center>=8.5.0<8.5.2
Atlassian Confluence Server>=8.0.0<8.3.3
Atlassian Confluence Server>=8.4.0<8.4.3
Atlassian Confluence Server>=8.5.0<8.5.2
and 1 more
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8...
Atlassian Bitbucket Data Center>=8.9.0<8.9.5
Atlassian Bitbucket Data Center>=8.10.0<8.10.5
Atlassian Bitbucket Data Center>=8.11.0<8.11.4
Atlassian Bitbucket Data Center>=8.12.0<8.12.2
Atlassian Bitbucket Data Center=8.13.0
Atlassian Bitbucket Server>=8.9.0<8.9.5
and 4 more
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Amd Epyc 7351p Firmware
Amd Epyc 7351p
Amd Epyc 7401p Firmware
Amd Epyc 7401p
and 349 more
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.   This Injection and RCE (Remote Code Executi...
Atlassian Bamboo Data Center>=8.0.0<9.2.3
Atlassian Bamboo Server>=8.0.0<9.2.3
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=6.1.0<7.13.20
Atlassian Confluence Data Center>=7.14.0<7.19.8
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server>=6.1.0<7.13.20
Atlassian Confluence Server>=7.14.0<7.19.8
Atlassian Confluence Server>=7.20.0<8.2.0
and 2 more
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=8.0.0<8.3.2
Atlassian Confluence Server>=8.0.0<8.3.2
ThinuTech ThinuCMS author_posts.php cross site scripting
Thinutech Thinu-cms=1.5
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
and 20 more
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability ...
Atlassian Confluence Server<7.13.17
Atlassian Confluence Server>=7.14.0<7.19.9
Atlassian Confluence Server>=7.20.0<8.2.2
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...
Atlassian Confluence Data Center<7.13.15
Atlassian Confluence Data Center>=7.14.0<7.19.7
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server<7.13.15
Atlassian Confluence Server>=7.14.0<7.19.7
Atlassian Confluence Server>=7.20.0<8.2.0
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management insta...
Atlassian Jira Service Management>=5.3.0<5.3.3
Atlassian Jira Service Management>=5.3.0<5.3.3
Atlassian Jira Service Management>=5.4.0<5.4.2
Atlassian Jira Service Management>=5.4.0<5.4.2
Atlassian Jira Service Management=5.5.0
Atlassian Jira Service Management=5.5.0
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbi...
Atlassian Bitbucket>=7.0.0<7.6.19
Atlassian Bitbucket>=7.7.0<7.17.12
Atlassian Bitbucket>=7.18.0<7.21.6
Atlassian Bitbucket>=7.22.0<8.0.5
Atlassian Bitbucket>=8.1.0<8.1.5
Atlassian Bitbucket>=8.2.0<8.2.4
and 2 more
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName p...
Atlassian Confluence Data Center<1.3.5
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center<1.3.5
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This ...
Atlassian Jira Align<10.109.2
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to...
Atlassian Jira Align<10.109.2
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
Atlassian Bitbucket>=7.0.0<7.6.17
Atlassian Bitbucket>=7.7.0<7.17.10
Atlassian Bitbucket>=7.18.0<7.21.4
Atlassian Bitbucket>=8.0.0<8.0.3
Atlassian Bitbucket>=8.1.0<8.1.3
Atlassian Bitbucket>=8.2.0<8.2.2
and 2 more
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the Team...
Atlassian Jira Data Center<8.20.8
Atlassian Jira Server<8.20.8
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in...
Atlassian Jira Service Management<4.22.2
Atlassian Jira Service Management<4.22.2
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center all...
Atlassian Jira Data Center<8.13.19
Atlassian Jira Data Center>=8.14.0<8.20.7
Atlassian Jira Data Center>=8.21.0<8.22.1
Atlassian Jira Server<8.13.19
Atlassian Jira Server>=8.14.0<8.20.7
Atlassian Jira Server>=8.21.0<8.22.1
Atlassian Jira Service Desk<4.13.20
Atlassian Jira Service Desk<4.13.20
Atlassian Jira Service Management>=4.14.0<4.20.8
Atlassian Jira Service Management>=4.14.0<4.20.8
Atlassian Jira Service Management>=4.21.0<4.22.2
Atlassian Jira Service Management>=4.21.0<4.22.2
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to ...
Atlassian Confluence Data Center<7.4.5
Atlassian Confluence Data Center>=7.5.0<7.6.3
Atlassian Confluence Data Center>=7.7.0<7.7.4
Atlassian Confluence Server<7.4.5
Atlassian Confluence Server>=7.5.0<7.6.3
Atlassian Confluence Server>=7.7.0<7.7.4
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence=2.7.34
Atlassian Questions For Confluence=2.7.35
Atlassian Questions For Confluence=3.0.2
Atlassian Confluence Data Center
Atlassian Confluence Server
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Data Center>=1.3<7.4.17
Atlassian Confluence Data Center>=7.13.0<7.13.7
Atlassian Confluence Data Center>=7.14.0<7.14.3
Atlassian Confluence Data Center>=7.15.0<7.15.2
Atlassian Confluence Data Center>=7.16.0<7.16.4
and 9 more
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior t...
Atlassian Bitbucket Data Center>=5.14.0<7.6.14
Atlassian Bitbucket Data Center>=7.7.0<7.17.6
Atlassian Bitbucket Data Center>=7.18.0<7.18.4
Atlassian Bitbucket Data Center>=7.19.0<7.19.4
Atlassian Bitbucket Data Center=7.20.0
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versio...
Atlassian Jira Data Center<8.13.8
Atlassian Jira Data Center>=8.14.0<8.20.6
Atlassian Jira Data Center>=8.21.0<8.22.0
Atlassian Jira Server<8.13.8
Atlassian Jira Server>=8.14.0<8.20.6
Atlassian Jira Server>=8.21.0<8.22.0
and 6 more
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 2 more
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203