Fisheye and Crucible suffer from a remote code execution vulnerability through OGNL double evaluation. Versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.
35ef4535e3daa3e68378bcdc040495f7a74cf8f45f2407bd08ca9a68199b42e0SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.
1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.
81936b182168b27dc4d9e1c13e26ed7b479fb032c93be23162cb3365c172323eThis advisory discloses a critical severity security vulnerability which was introduced in version 1.4.1 of Crowd. Versions of Crowd starting with 1.4.1 before 2.8.8 (the fixed version for 2.8.x) and from 2.9.0 before 2.9.5 (the fixed version for 2.9.x) are affected by this vulnerability. The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries.
00e91976667b938daa14e3aa6743fb0498e57d84e1eb456c7cb1f29f942fcf81The Atlassian HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
345b646185427493eb236fd026b44691cfbcfec6cebe1f1fb55177bfcea28fd7This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.
dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4HipChat Server versions below 2.0 build 1.4.1 suffer from vulnerabilities including code execution, insufficient shell characters, file deletion, file moving, local file read, and Server-Side Request Forgery.
51f7ff56cb32406c73d6232aee84e2cf2951d8dbfedaba6c3b94f1aa3ec2d083Bamboo suffers from deserialization and missing authentication check vulnerabilities. This advisory discloses multiple critical severity security vulnerabilities of which the earliest vulnerability was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.9.9 (the fixed version for 5.9.x) are vulnerable.
27f3a84e5ff5328e43491d29c853f00c327b6ccf574c0b242b8a87e43667a2daBamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface.
d92d7a7741f8085d106c9c636c2d5147d69c3234f902a1eccb57a0203ec89b96It was discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue attackers need to be able to access the JIRA web interface and log into JIRA. All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability. All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.
83c334c08327df0dc9754cc92b35813430f7bacb3e42061816848445100e76f0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed