what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files from Atlassian

Email addresssecurity at atlassian.com
First Active2017-06-16
Last Active2023-12-19
Atlassian Confluence Improper Authorization / Code Execution
Posted Dec 19, 2023
Authored by Atlassian, jheysel-r7 | Site metasploit.com

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the of the user running the confluence server.

tags | exploit, code execution
advisories | CVE-2023-22518
SHA-256 | 26d73b4952befcec0a56b50c408cd4fd4e5babeec09700eba379dfb85cf91c39
Jira Ehcache RMI Missing Authentication
Posted Jul 27, 2021
Authored by Atlassian

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.

tags | advisory, arbitrary
advisories | CVE-2020-36239
SHA-256 | 1d1e7afd06b6338674555bdc5902d12019ece6717146ea1deddafa1c4ec2dfff
Atlassian Confluence Man-In-The-Middle
Posted Dec 20, 2019
Authored by Atlassian

Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.

tags | advisory
advisories | CVE-2019-15006
SHA-256 | 210e5ceb62fd144e2e3a8982f12780c0009868a791ee1c6d03db5bed99a58027
Jira Service Desk Server / Data Center Path Traversal
Posted Nov 8, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-15003, CVE-2019-15004
SHA-256 | 7080e92a97a87f926d87df454a396848f9491f786060cbd25b9c83577cc2efa3
Jira Server / Data Center Template Injection
Posted Sep 25, 2019
Authored by Atlassian

Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

tags | advisory
advisories | CVE-2019-15001
SHA-256 | 9506b8cb8908b8c285b6269247edf4b6b2be0b43fcb2a0b7d2fa9067b0e39019
Bitbucket Server / Data Center Argument Injection
Posted Sep 25, 2019
Authored by Atlassian

Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.

tags | advisory
advisories | CVE-2019-15000
SHA-256 | f74fc41b48501d9f142c1aee97abb78b90b5831e3806ca134f9a53e9580e340f
Jira Service Desk Server And Data Center Path Traversal
Posted Sep 22, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-14994
SHA-256 | 1bd78cc6d3d45eea1fb1efadb1e82ae16a452e32f277d1510a2aaea4b0c5fff9
Confluence Server Local File Disclosure
Posted Aug 31, 2019
Authored by Atlassian

Confluence Server versions 6.1.0 up to 6.6.16, 6.7.0 up to 6.13.7, and 6.14.0 up to 6.15.8 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2019-3394
SHA-256 | 63bb40486cc6b4b0d9ad286552ee4301273147e9803d97e67d4568a9f4d18289
Crowd / Crowd Data Center pdkinstall Enabled
Posted May 27, 2019
Authored by Atlassian

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. Versions of Crowd and Crowd Data Center starting with version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2019-11580
SHA-256 | 985c2d75d6a00aea412d56a69bb859b3edd00658270d8705e9aa0d84f96b275d
Bitbucket Path Traversal / Remote Code Execution
Posted May 23, 2019
Authored by Atlassian

Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution, file inclusion
advisories | CVE-2019-3397
SHA-256 | eb7fab9f199284bc9dc00a27ebbd15225692c071a07f834c3e67ddca2bd8df05
Confluence Server / Data Center Path Traversal
Posted Apr 24, 2019
Authored by Atlassian

Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.

tags | advisory, file inclusion
advisories | CVE-2019-3398
SHA-256 | 54a6bf44997071eacfb8aca90470a91c600400151badba57559e2a382f7bcf17
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
advisories | CVE-2019-3395, CVE-2019-3396
SHA-256 | 6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74
Sourcetree Git Arbitrary Code Execution / URL Handling
Posted Mar 21, 2019
Authored by Atlassian, Terry Zhang

Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.

tags | advisory, vulnerability, code execution
systems | windows
advisories | CVE-2018-17456, CVE-2018-20234, CVE-2018-20235, CVE-2018-20236
SHA-256 | b0d0c095cbfecc82d058925a21b052e5cd29e36b802d25a05e5dae99f9f856dc
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
SHA-256 | 32eacd269abd3e89eabbc766ac7946e1762c239c4e1ea7feaf37f59de4e0886f
Atlassian Bamboo 6.x Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5224
SHA-256 | 72579ac313380df47c8c8323c109ad9176469f5b6f3eb57353d5dbbf09343433
Atlassian Fisheye / Crucible 4.5.2 Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5223
SHA-256 | ba67c38eb49b7df19fab03d44e80e38c02272f017da74579304e5379d19578f7
SourceTree Remote Command Injection
Posted Feb 1, 2018
Authored by Atlassian

Sourcetree for macOS versions 1.0b2 up to 2.7.0 and Sourcetree for Windows versions 0.5.1.0 up to 2.4.7.0 suffers from multiple command injection vulnerabilities.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2017-14592, CVE-2017-14593, CVE-2017-17458, CVE-2017-17831
SHA-256 | d2c94b00ad0ef81396b3578120ab94bfa7b4948ed21552a912349549577784ea
Atlassian Bamboo Code Execution / Argument Injection
Posted Jan 3, 2018
Authored by Atlassian

Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-14589, CVE-2017-14590
SHA-256 | fca84ac002b1e70651aa751b7a890b5e69d0d5a6286d654049f33496dfc1b566
Fisheye / Crucible 4.4.x / 4.5.x Code Execution
Posted Dec 13, 2017
Authored by Atlassian

Fisheye and Crucible did not check that the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a mercurial repository tracked by Fisheye or Crucible, can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2017-14591
SHA-256 | 0bd5e815725597c657d0c5a6e093eb6974e09f7a3506b05998f40a13281f58a7
Bamboo 6.x Remote Code Execution
Posted Oct 27, 2017
Authored by Atlassian

Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2017-9514
SHA-256 | 5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520e
Bamboo 5.x / 6.x Incorrect Permission Check
Posted Jun 16, 2017
Authored by Atlassian

Bamboo versions prior to 5.15.7 and 6.0.1 suffer from an incorrect permission check.

tags | advisory
advisories | CVE-2017-8907
SHA-256 | f665db424dfe7878fbf9a2575c1b4a5604918b34c770adf075efc1af7356cc9e
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close