what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Atlassian

Email addresssecurity at atlassian.com
First Active2017-06-16
Last Active2021-07-27
Jira Ehcache RMI Missing Authentication
Posted Jul 27, 2021
Authored by Atlassian

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.

tags | advisory, arbitrary
advisories | CVE-2020-36239
SHA-256 | 1d1e7afd06b6338674555bdc5902d12019ece6717146ea1deddafa1c4ec2dfff
Atlassian Confluence Man-In-The-Middle
Posted Dec 20, 2019
Authored by Atlassian

Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.

tags | advisory
advisories | CVE-2019-15006
SHA-256 | 210e5ceb62fd144e2e3a8982f12780c0009868a791ee1c6d03db5bed99a58027
Jira Service Desk Server / Data Center Path Traversal
Posted Nov 8, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-15003, CVE-2019-15004
SHA-256 | 7080e92a97a87f926d87df454a396848f9491f786060cbd25b9c83577cc2efa3
Jira Server / Data Center Template Injection
Posted Sep 25, 2019
Authored by Atlassian

Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

tags | advisory
advisories | CVE-2019-15001
SHA-256 | 9506b8cb8908b8c285b6269247edf4b6b2be0b43fcb2a0b7d2fa9067b0e39019
Bitbucket Server / Data Center Argument Injection
Posted Sep 25, 2019
Authored by Atlassian

Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.

tags | advisory
advisories | CVE-2019-15000
SHA-256 | f74fc41b48501d9f142c1aee97abb78b90b5831e3806ca134f9a53e9580e340f
Jira Service Desk Server And Data Center Path Traversal
Posted Sep 22, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-14994
SHA-256 | 1bd78cc6d3d45eea1fb1efadb1e82ae16a452e32f277d1510a2aaea4b0c5fff9
Confluence Server Local File Disclosure
Posted Aug 31, 2019
Authored by Atlassian

Confluence Server versions 6.1.0 up to 6.6.16, 6.7.0 up to 6.13.7, and 6.14.0 up to 6.15.8 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2019-3394
SHA-256 | 63bb40486cc6b4b0d9ad286552ee4301273147e9803d97e67d4568a9f4d18289
Crowd / Crowd Data Center pdkinstall Enabled
Posted May 27, 2019
Authored by Atlassian

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. Versions of Crowd and Crowd Data Center starting with version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2019-11580
SHA-256 | 985c2d75d6a00aea412d56a69bb859b3edd00658270d8705e9aa0d84f96b275d
Bitbucket Path Traversal / Remote Code Execution
Posted May 23, 2019
Authored by Atlassian

Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution, file inclusion
advisories | CVE-2019-3397
SHA-256 | eb7fab9f199284bc9dc00a27ebbd15225692c071a07f834c3e67ddca2bd8df05
Confluence Server / Data Center Path Traversal
Posted Apr 24, 2019
Authored by Atlassian

Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.

tags | advisory, file inclusion
advisories | CVE-2019-3398
SHA-256 | 54a6bf44997071eacfb8aca90470a91c600400151badba57559e2a382f7bcf17
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
advisories | CVE-2019-3395, CVE-2019-3396
SHA-256 | 6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74
Sourcetree Git Arbitrary Code Execution / URL Handling
Posted Mar 21, 2019
Authored by Atlassian, Terry Zhang

Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.

tags | advisory, vulnerability, code execution
systems | windows
advisories | CVE-2018-17456, CVE-2018-20234, CVE-2018-20235, CVE-2018-20236
SHA-256 | b0d0c095cbfecc82d058925a21b052e5cd29e36b802d25a05e5dae99f9f856dc
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
SHA-256 | 32eacd269abd3e89eabbc766ac7946e1762c239c4e1ea7feaf37f59de4e0886f
Atlassian Bamboo 6.x Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5224
SHA-256 | 72579ac313380df47c8c8323c109ad9176469f5b6f3eb57353d5dbbf09343433
Atlassian Fisheye / Crucible 4.5.2 Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5223
SHA-256 | ba67c38eb49b7df19fab03d44e80e38c02272f017da74579304e5379d19578f7
SourceTree Remote Command Injection
Posted Feb 1, 2018
Authored by Atlassian

Sourcetree for macOS versions 1.0b2 up to 2.7.0 and Sourcetree for Windows versions 0.5.1.0 up to 2.4.7.0 suffers from multiple command injection vulnerabilities.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2017-14592, CVE-2017-14593, CVE-2017-17458, CVE-2017-17831
SHA-256 | d2c94b00ad0ef81396b3578120ab94bfa7b4948ed21552a912349549577784ea
Atlassian Bamboo Code Execution / Argument Injection
Posted Jan 3, 2018
Authored by Atlassian

Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-14589, CVE-2017-14590
SHA-256 | fca84ac002b1e70651aa751b7a890b5e69d0d5a6286d654049f33496dfc1b566
Fisheye / Crucible 4.4.x / 4.5.x Code Execution
Posted Dec 13, 2017
Authored by Atlassian

Fisheye and Crucible did not check that the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a mercurial repository tracked by Fisheye or Crucible, can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2017-14591
SHA-256 | 0bd5e815725597c657d0c5a6e093eb6974e09f7a3506b05998f40a13281f58a7
Bamboo 6.x Remote Code Execution
Posted Oct 27, 2017
Authored by Atlassian

Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2017-9514
SHA-256 | 5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520e
Bamboo 5.x / 6.x Incorrect Permission Check
Posted Jun 16, 2017
Authored by Atlassian

Bamboo versions prior to 5.15.7 and 6.0.1 suffer from an incorrect permission check.

tags | advisory
advisories | CVE-2017-8907
SHA-256 | f665db424dfe7878fbf9a2575c1b4a5604918b34c770adf075efc1af7356cc9e
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close