cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22521,https://securityvulnerability.io/vulnerability/CVE-2023-22521,Remote Code Execution Vulnerability in Crowd Data Center and Server by Atlassian,"A Remote Code Execution vulnerability was identified in Crowd Data Center and Server, specifically from version 3.4.6. An authenticated attacker can exploit this vulnerability to execute arbitrary code, jeopardizing the confidentiality, integrity, and availability of affected systems. This exploit does not require user interaction, which heightens its potential impact. Users are urged to upgrade to the latest version to mitigate this risk. Recommended fixed versions include Crowd Data Center and Server 3.4 upgrades from 5.1.6 or above, and for 5.2, upgrades from 5.2.1 or above. Detailed release notes and downloads are available on Atlassian’s official pages.",Atlassian,"Crowd Data Center,Crowd Server",8.8,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2023-11-21T18:15:00.000Z,0
CVE-2022-43782,https://securityvulnerability.io/vulnerability/CVE-2022-43782,Security Misconfiguration Vulnerability in Atlassian Crowd,"A vulnerability in Atlassian Crowd allows attackers to authenticate as the application due to security misconfiguration. Exploitation can occur through the ability to invoke privileged endpoints in Crowd's REST API, specifically under the {{usermanagement}} path. This vulnerability is limited to IPs specified in the application's allowlist, which is empty by default, exposing all users to potential unauthorized access. Affected versions include all versions from 3.x.x, 4.x.x prior to 4.4.4, and 5.x.x before 5.0.3.",Atlassian,"Crowd Data Center,Crowd Server",9.8,CRITICAL,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-11-17T00:00:01.315Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,Authorization Bypass in Atlassian Troubleshooting and Support Tools Plugin,"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 is prone to an authorization bypass vulnerability that enables unprivileged users to perform unauthorized log scans. This flaw allows attackers to send application configuration details to a designated email, potentially exposing sensitive information regarding the application's setup and environment. Affected products include multiple versions of Atlassian’s software suite, making it critical for users to upgrade to mitigate risks associated with this vulnerability.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-08T00:00:00.000Z,0
CVE-2012-2926,https://securityvulnerability.io/vulnerability/CVE-2012-2926,,"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",Atlassian,"Fisheye,Confluence,Jira,Crucible,Crowd,Bamboo,Confluence Server",9.1,CRITICAL,0.46397000551223755,false,,false,false,false,,,false,false,,2012-05-22T15:00:00.000Z,0