Latest Atlassian Vulnerabilities

CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
CVE-2024-21673
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8....
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
CVE-2024-21672
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 ...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
CVE-2023-22526
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, al...
Atlassian Confluence Data Center>=7.19.0<7.19.17
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.17
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
CVE-2024-21674
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6...
Atlassian Confluence Data Center>=7.19.0<7.19.18
Atlassian Confluence Data Center>=8.5.0<8.5.5
Atlassian Confluence Data Center>=8.7.0<8.7.2
Atlassian Confluence Server>=7.19<7.19.18
Atlassian Confluence Server>=8.5.0<8.5.5
Atlassian Confluence Server>=8.7.0<=8.7.2
CVE-2023-22527
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server
Atlassian Confluence Data Center>=8.0.0<8.5.4
Atlassian Confluence Data Center>=8.7.0<8.7.1
Atlassian Confluence Server>=8.0.0<8.5.4
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
and 2 more
CVE-2023-34064
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
CVE-2023-35641
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
CVE-2023-41678
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
CVE-2023-22522
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
Atlassian Confluence Data Center>=4.0<7.19.17
Atlassian Confluence Data Center>=8.0.0<8.4.5
Atlassian Confluence Data Center>=8.5.0<8.5.4
Atlassian Confluence Data Center>=8.6.0<8.6.2
Atlassian Confluence Data Center=8.7.0
Atlassian Confluence Server>=4.0<7.19.17
and 2 more
CVE-2023-22523
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Asset...
>=1.0.0<3.2.0
>=1.0.0<=3.1.11
>=6.0.0<6.2.0
>=1.0.0<=3.1.11
>=6.0.0<6.2.0
CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and Mac...
Atlassian Companion>=1.0.0<2.0.0
Apple macOS
CVE-2023-33063
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
CVE-2023-33106
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
CVE-2023-33107
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
CVE-2023-22521
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8....
Atlassian Crowd>=3.4.0<5.1.6
Atlassian Crowd=5.2.0
CVE-2023-22516
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Executio...
Atlassian Bamboo>=8.1.0<9.2.7
Atlassian Bamboo>=9.3.0<9.3.4
CVE-2023-22518
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center>=1.0.0<7.19.16
Atlassian Confluence Data Center>=7.20.0<8.3.4
Atlassian Confluence Data Center>=8.4.0<8.4.4
Atlassian Confluence Data Center>=8.5.0<8.5.3
Atlassian Confluence Data Center=8.6.0
Atlassian Confluence Server>=1.0.0<7.19.16
and 5 more
CVE-2023-22515
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center>=8.0.0<8.3.3
Atlassian Confluence Data Center>=8.4.0<8.4.3
Atlassian Confluence Data Center>=8.5.0<8.5.2
Atlassian Confluence Server>=8.0.0<8.3.3
Atlassian Confluence Server>=8.4.0<8.4.3
Atlassian Confluence Server>=8.5.0<8.5.2
and 1 more
CVE-2023-22513
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8...
Atlassian Bitbucket Data Center>=8.9.0<8.9.5
Atlassian Bitbucket Data Center>=8.10.0<8.10.5
Atlassian Bitbucket Data Center>=8.11.0<8.11.4
Atlassian Bitbucket Data Center>=8.12.0<8.12.2
Atlassian Bitbucket Data Center=8.13.0
Atlassian Bitbucket Server>=8.9.0<8.9.5
and 4 more
CVE-2023-20588
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Amd Epyc 7351p Firmware
Amd Epyc 7351p
Amd Epyc 7401p Firmware
Amd Epyc 7401p
and 349 more
CVE-2023-22506
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.   This Injection and RCE (Remote Code Executi...
Atlassian Bamboo Data Center>=8.0.0<9.2.3
Atlassian Bamboo Server>=8.0.0<9.2.3
CVE-2023-22508
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=6.1.0<7.13.20
Atlassian Confluence Data Center>=7.14.0<7.19.8
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server>=6.1.0<7.13.20
Atlassian Confluence Server>=7.14.0<7.19.8
Atlassian Confluence Server>=7.20.0<8.2.0
and 2 more
CVE-2023-22505
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability...
Atlassian Confluence Data Center>=8.0.0<8.3.2
Atlassian Confluence Server>=8.0.0<8.3.2
CVE-2023-3541
ThinuTech ThinuCMS author_posts.php cross site scripting
Thinutech Thinu-cms=1.5
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
and 20 more
CVE-2023-22504
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability ...
Atlassian Confluence Server<7.13.17
Atlassian Confluence Server>=7.14.0<7.19.9
Atlassian Confluence Server>=7.20.0<8.2.2
CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...
Atlassian Confluence Data Center<7.13.15
Atlassian Confluence Data Center>=7.14.0<7.19.7
Atlassian Confluence Data Center>=7.20.0<8.2.0
Atlassian Confluence Server<7.13.15
Atlassian Confluence Server>=7.14.0<7.19.7
Atlassian Confluence Server>=7.20.0<8.2.0
CVE-2023-22501
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management insta...
Atlassian Jira Service Management>=5.3.0<5.3.3
Atlassian Jira Service Management>=5.3.0<5.3.3
Atlassian Jira Service Management>=5.4.0<5.4.2
Atlassian Jira Service Management>=5.4.0<5.4.2
Atlassian Jira Service Management=5.5.0
Atlassian Jira Service Management=5.5.0
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbi...
Atlassian Bitbucket>=7.0.0<7.6.19
Atlassian Bitbucket>=7.7.0<7.17.12
Atlassian Bitbucket>=7.18.0<7.21.6
Atlassian Bitbucket>=7.22.0<8.0.5
Atlassian Bitbucket>=8.1.0<8.1.5
Atlassian Bitbucket>=8.2.0<8.2.4
and 2 more
CVE-2022-42977
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName p...
Atlassian Confluence Data Center<1.3.5
CVE-2022-42978
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center<1.3.5
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This ...
Atlassian Jira Align<10.109.2
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to...
Atlassian Jira Align<10.109.2
CVE-2022-36804
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
Atlassian Bitbucket>=7.0.0<7.6.17
Atlassian Bitbucket>=7.7.0<7.17.10
Atlassian Bitbucket>=7.18.0<7.21.4
Atlassian Bitbucket>=8.0.0<8.0.3
Atlassian Bitbucket>=8.1.0<8.1.3
Atlassian Bitbucket>=8.2.0<8.2.2
and 2 more
CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the Team...
Atlassian Jira Data Center<8.20.8
Atlassian Jira Server<8.20.8
CVE-2022-36800
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in...
Atlassian Jira Service Management<4.22.2
Atlassian Jira Service Management<4.22.2
CVE-2022-36799
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center all...
Atlassian Jira Data Center<8.13.19
Atlassian Jira Data Center>=8.14.0<8.20.7
Atlassian Jira Data Center>=8.21.0<8.22.1
Atlassian Jira Server<8.13.19
Atlassian Jira Server>=8.14.0<8.20.7
Atlassian Jira Server>=8.21.0<8.22.1
CVE-2021-43959
Atlassian Jira Service Desk<4.13.20
Atlassian Jira Service Desk<4.13.20
Atlassian Jira Service Management>=4.14.0<4.20.8
Atlassian Jira Service Management>=4.14.0<4.20.8
Atlassian Jira Service Management>=4.21.0<4.22.2
Atlassian Jira Service Management>=4.21.0<4.22.2
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to ...
Atlassian Confluence Data Center<7.4.5
Atlassian Confluence Data Center>=7.5.0<7.6.3
Atlassian Confluence Data Center>=7.7.0<7.7.4
Atlassian Confluence Server<7.4.5
Atlassian Confluence Server>=7.5.0<7.6.3
Atlassian Confluence Server>=7.7.0<7.7.4
CVE-2022-26138
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence=2.7.34
Atlassian Questions For Confluence=2.7.35
Atlassian Questions For Confluence=3.0.2
Atlassian Confluence Data Center
Atlassian Confluence Server
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2022-26134
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Data Center>=1.3<7.4.17
Atlassian Confluence Data Center>=7.13.0<7.13.7
Atlassian Confluence Data Center>=7.14.0<7.14.3
Atlassian Confluence Data Center>=7.15.0<7.15.2
Atlassian Confluence Data Center>=7.16.0<7.16.4
and 9 more
CVE-2022-26133
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior t...
Atlassian Bitbucket Data Center>=5.14.0<7.6.14
Atlassian Bitbucket Data Center>=7.7.0<7.17.6
Atlassian Bitbucket Data Center>=7.18.0<7.18.4
Atlassian Bitbucket Data Center>=7.19.0<7.19.4
Atlassian Bitbucket Data Center=7.20.0
CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versio...
Atlassian Jira Data Center<8.13.8
Atlassian Jira Data Center>=8.14.0<8.20.6
Atlassian Jira Data Center>=8.21.0<8.22.0
Atlassian Jira Server<8.13.8
Atlassian Jira Server>=8.14.0<8.20.6
Atlassian Jira Server>=8.21.0<8.22.0
and 6 more
CVE-2021-39114
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...
Atlassian Confluence Data Center<6.13.23
Atlassian Confluence Data Center>=6.14.0<7.4.11
Atlassian Confluence Data Center>=7.5.0<7.11.6
Atlassian Confluence Data Center>=7.12.0<7.12.5
Atlassian Confluence Server<6.13.23
Atlassian Confluence Server>=6.14.0<7.4.11
and 2 more
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203