exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files from Atlassian

Email addresssecurity at atlassian.com
First Active2017-06-16
Last Active2019-12-20
Atlassian Confluence Man-In-The-Middle
Posted Dec 20, 2019
Authored by Atlassian

Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.

tags | advisory
advisories | CVE-2019-15006
MD5 | 6bba166f54c149432dfd39e4c19febbe
Jira Service Desk Server / Data Center Path Traversal
Posted Nov 8, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-15003, CVE-2019-15004
MD5 | 0b5fcfe5c5e79daa7fc9013b16f45ff0
Jira Server / Data Center Template Injection
Posted Sep 25, 2019
Authored by Atlassian

Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

tags | advisory
advisories | CVE-2019-15001
MD5 | c9f6b4eac4f5ce4658f8f2f1eb712aea
Bitbucket Server / Data Center Argument Injection
Posted Sep 25, 2019
Authored by Atlassian

Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.

tags | advisory
advisories | CVE-2019-15000
MD5 | 9fd8d1d1d6e13abcbe19795ff31077c0
Jira Service Desk Server And Data Center Path Traversal
Posted Sep 22, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-14994
MD5 | 2cafb83261ba57820b981e48d69e5d22
Confluence Server Local File Disclosure
Posted Aug 31, 2019
Authored by Atlassian

Confluence Server versions 6.1.0 up to 6.6.16, 6.7.0 up to 6.13.7, and 6.14.0 up to 6.15.8 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2019-3394
MD5 | 639dc624fdea8879f169bc879ae3fb24
Crowd / Crowd Data Center pdkinstall Enabled
Posted May 27, 2019
Authored by Atlassian

Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. Versions of Crowd and Crowd Data Center starting with version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2019-11580
MD5 | 4595d6d0b7aa1bdd0068d116bc6f12f8
Bitbucket Path Traversal / Remote Code Execution
Posted May 23, 2019
Authored by Atlassian

Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.

tags | advisory, remote, arbitrary, code execution, file inclusion
advisories | CVE-2019-3397
MD5 | 657e273aa3e0e9c381f5de0e31630a90
Confluence Server / Data Center Path Traversal
Posted Apr 24, 2019
Authored by Atlassian

Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.

tags | advisory, file inclusion
advisories | CVE-2019-3398
MD5 | ecb6b12f605a3e2392294e768ae4f8be
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
advisories | CVE-2019-3395, CVE-2019-3396
MD5 | 1d352c1a218af7a443a8de8ec9882615
Sourcetree Git Arbitrary Code Execution / URL Handling
Posted Mar 21, 2019
Authored by Atlassian, Terry Zhang

Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.

tags | advisory, vulnerability, code execution
systems | windows
advisories | CVE-2018-17456, CVE-2018-20234, CVE-2018-20235, CVE-2018-20236
MD5 | 8c11e1db6b9aa505af1b9078fb0fe02f
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
MD5 | 3149f5b5c6b108a0813b481370d341e4
Atlassian Bamboo 6.x Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5224
MD5 | 94acc718c0e3e5468bc101178d369095
Atlassian Fisheye / Crucible 4.5.2 Code Execution
Posted Apr 5, 2018
Authored by Atlassian

Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2018-5223
MD5 | cc12264137c403adf94d352e2dd1eef5
SourceTree Remote Command Injection
Posted Feb 1, 2018
Authored by Atlassian

Sourcetree for macOS versions 1.0b2 up to 2.7.0 and Sourcetree for Windows versions 0.5.1.0 up to 2.4.7.0 suffers from multiple command injection vulnerabilities.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2017-14592, CVE-2017-14593, CVE-2017-17458, CVE-2017-17831
MD5 | b6f6d427c28112f1184e24193c496c12
Atlassian Bamboo Code Execution / Argument Injection
Posted Jan 3, 2018
Authored by Atlassian

Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-14589, CVE-2017-14590
MD5 | 146a1874f481e9313c0913a2206b4eb4
Fisheye / Crucible 4.4.x / 4.5.x Code Execution
Posted Dec 13, 2017
Authored by Atlassian

Fisheye and Crucible did not check that the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a mercurial repository tracked by Fisheye or Crucible, can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2017-14591
MD5 | 1d097304cc3b2e15850838305b666f09
Bamboo 6.x Remote Code Execution
Posted Oct 27, 2017
Authored by Atlassian

Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2017-9514
MD5 | ae8cac2b1f1ed2cdeec18149785fad9f
Bamboo 5.x / 6.x Incorrect Permission Check
Posted Jun 16, 2017
Authored by Atlassian

Bamboo versions prior to 5.15.7 and 6.0.1 suffer from an incorrect permission check.

tags | advisory
advisories | CVE-2017-8907
MD5 | a87776357de9630027acedfb29b77159
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    7 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close