cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters used by first- and third-party applications. The impact depends on which filters an application relies on and how it uses them; Atlassian has confirmed two outcomes: authentication bypass (filters that third-party apps use to enforce authentication can be skipped) and cross-site scripting (XSS). Atlassian has released updates that fix the root cause but has not exhaustively enumerated every potential consequence, so applying the vendor updates is the only complete mitigation.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"In multiple Atlassian products, a specially crafted HTTP request can invoke the Servlet Filter that handles Cross-Origin Resource Sharing (CORS) responses, resulting in a CORS bypass. An attacker who can trick a user into requesting a malicious URL can then access the vulnerable application with that user's permissions. Affected versions of Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2021-43956,https://securityvulnerability.io/vulnerability/CVE-2021-43956,Prototype Pollution Vulnerability in Fisheye and Crucible by Atlassian,"The jQuery deserialize library bundled with Fisheye and Crucible before version 4.8.9 is vulnerable to prototype pollution. A remote attacker can exploit it to inject arbitrary HTML and JavaScript, a cross-site scripting condition that allows actions to be performed on behalf of users who view the injected content. Update to 4.8.9 or later.",Atlassian,"Fisheye,Crucible",6.1,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2022-03-16T01:15:00.000Z,0
CVE-2021-43958,https://securityvulnerability.io/vulnerability/CVE-2021-43958,Missing Failed-Login Limits in Atlassian Fisheye and Crucible REST Resources,"In Atlassian Fisheye and Crucible before version 4.8.9, various REST resources did not check whether a user had exceeded the maximum number of failed login attempts. A remote attacker could therefore brute-force user credentials through those resources without ever triggering the CAPTCHA challenge that protects the normal login path. Update to 4.8.9 or later.",Atlassian,"Fisheye,Crucible",9.8,CRITICAL,0.008139999583363533,false,,false,false,false,,,false,false,,2022-03-16T01:15:00.000Z,0
CVE-2021-43957,https://securityvulnerability.io/vulnerability/CVE-2021-43957,Insecure Direct Object Reference in Atlassian Fisheye & Crucible,"Affected versions of Atlassian Fisheye and Crucible allow remote attackers to read local files through an Insecure Direct Object Reference (IDOR) in the WEB-INF directory. The issue is a bypass of the fix for the earlier WEB-INF IDOR (CVE-2020-29446): that fix did not account for URL-encoded paths, so an encoded request could still reach the directory. Update to the latest release.",Atlassian,"Fisheye,Crucible",7.5,HIGH,0.007110000122338533,false,,false,false,false,,,false,false,,2022-03-16T01:15:00.000Z,0
CVE-2021-43955,https://securityvulnerability.io/vulnerability/CVE-2021-43955,Information Disclosure Vulnerability in Fisheye and Crucible by Atlassian,"The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 lets an authenticated remote attacker obtain information about the installation directories. The exposed paths are low impact on their own but can aid further attacks. Update to 4.8.9 or later.",Atlassian,"Fisheye,Crucible",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-03-16T01:15:00.000Z,0
CVE-2021-43954,https://securityvulnerability.io/vulnerability/CVE-2021-43954,Server-Side Request Forgery Vulnerability in Fisheye and Crucible by Atlassian,"The DefaultRepositoryAdminService class in Atlassian Fisheye and Crucible before version 4.8.9 contains a server-side request forgery (SSRF) vulnerability. A remote attacker who holds the 'can add repository' permission can craft requests that make the server connect to targets of the attacker's choosing, enumerating internal network and filesystem resources that are not reachable from outside. Update to 4.8.9 or later.",Atlassian,"Fisheye,Crucible",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-03-14T02:15:00.000Z,0
CVE-2020-14192,https://securityvulnerability.io/vulnerability/CVE-2020-14192,Information Disclosure Vulnerability in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible before version 4.8.4 mishandle the x-asen response header from Atlassian Analytics, allowing remote attackers to obtain the product's SEN (Support Entitlement Number). Update to 4.8.4 or later.",Atlassian,"Fisheye,Crucible",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-02-02T00:15:00.000Z,0
CVE-2020-29446,https://securityvulnerability.io/vulnerability/CVE-2020-29446,Insecure Direct Object Reference in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible before version 4.8.5 allow remote attackers to browse local files through an Insecure Direct Object Reference (IDOR) in the WEB-INF directory. The fix was later found to be incomplete (see CVE-2021-43957). Update to 4.8.5 or later.",Atlassian,"Fisheye,Crucible",5.3,MEDIUM,0.002309999894350767,false,,false,false,false,,,false,false,,2021-01-18T02:15:00.000Z,0
CVE-2020-29447,https://securityvulnerability.io/vulnerability/CVE-2020-29447,Denial of Service Vulnerability in Atlassian Crucible,"A remote attacker can exploit a flaw in the file upload request handling of Atlassian Crucible to cause a Denial of Service (DoS), impacting the application's availability. Affected versions are those before 4.7.4 and those from 4.8.0 up to but not including 4.8.4; update to a fixed release.",Atlassian,Crucible,4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2020-12-21T01:15:00.000Z,0
CVE-2020-14190,https://securityvulnerability.io/vulnerability/CVE-2020-14190,Regex Denial of Service Vulnerability in Atlassian Fisheye/Crucible,"Atlassian Fisheye/Crucible before version 4.8.4 allow remote attackers to cause a Regular Expression Denial of Service (ReDoS) by supplying a crafted regular expression in EyeQL; catastrophic backtracking ties up server CPU and degrades availability. Update to 4.8.4 or later.",Atlassian,"Fisheye,Crucible",7.5,HIGH,0.002360000042244792,false,,false,false,false,,,false,false,,2020-11-25T23:15:00.000Z,0
CVE-2020-14191,https://securityvulnerability.io/vulnerability/CVE-2020-14191,Denial of Service Vulnerability in Atlassian Fisheye/Crucible,"Atlassian Fisheye/Crucible before version 4.8.4 allow remote attackers to impact the application's availability through a Denial of Service (DoS) vulnerability in the MessageBundleResource of Atlassian Gadgets. Update to 4.8.4 or later.",Atlassian,"Fisheye,Crucible",7.5,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2020-11-25T22:15:00.000Z,0
CVE-2020-4026,https://securityvulnerability.io/vulnerability/CVE-2020-4026,Authorization Flaw in Atlassian Navigator Links Affects Multiple Versions,"An authorization flaw in Atlassian Navigator Links allows remote attackers to list all linked applications, including those that are hidden or restricted. The cause is a missing authorization check, so the listing is exposed to users who should not see it. Multiple versions are affected.",Atlassian,"Navigator Links,Crucible,Fisheye",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2020-06-03T00:15:00.000Z,0
CVE-2020-4017,https://securityvulnerability.io/vulnerability/CVE-2020-4017,Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin,"The crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to obtain information about the configured Jira application links (information disclosure), revealing details of the application's setup and linked resources. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",5.3,MEDIUM,0.00203999993391335,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4016,https://securityvulnerability.io/vulnerability/CVE-2020-4016,Information Disclosure in Atlassian Fisheye and Crucible Plugin,"The crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to obtain the IDs of configured Jira application links (information disclosure), which can be used in further attacks against the linked applications. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",5.3,MEDIUM,0.00203999993391335,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4018,https://securityvulnerability.io/vulnerability/CVE-2020-4018,Cross-Site Request Forgery in Atlassian Fisheye and Crucible Setup Process,"The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 are vulnerable to cross-site request forgery (CSRF), allowing remote attackers to drive the setup process through a victim's browser and potentially complete it on the attacker's terms. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",8.8,HIGH,0.002139999996870756,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4013,https://securityvulnerability.io/vulnerability/CVE-2020-4013,Cross-Site Scripting Vulnerability in the Atlassian Fisheye and Crucible Review Resource,"The review resource in Atlassian Fisheye and Crucible before version 4.8.1 is vulnerable to cross-site scripting (XSS): remote attackers can inject arbitrary HTML and JavaScript through the review objectives field. The injected script runs in the browser of users who view the review and can expose their session and data. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4023,https://securityvulnerability.io/vulnerability/CVE-2020-4023,Cross-Site Scripting Vulnerability in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible allow remote attackers to inject arbitrary HTML or JavaScript via the committerFilter parameter, a cross-site scripting (XSS) vulnerability. The injected script runs in the victim's browser and can compromise their session or data.",Atlassian,"Crucible,Fisheye",5.4,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4014,https://securityvulnerability.io/vulnerability/CVE-2020-4014,Improper Authorization Vulnerability in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to modify another user's repository watch settings through the /profile/deleteWatch.do resource because of a missing authorization check. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2020-4015,https://securityvulnerability.io/vulnerability/CVE-2020-4015,Information Disclosure Vulnerability in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to obtain user email addresses through the /json/fe/activeUserFinder.do resource (information disclosure). Harvested addresses can be used for phishing and other targeted attacks. Update to 4.8.1 or later.",Atlassian,"Crucible,Fisheye",4.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
CVE-2019-15009,https://securityvulnerability.io/vulnerability/CVE-2019-15009,Improper Authorization Vulnerability in Atlassian Fisheye and Crucible,"The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible lacks an authorization check, allowing remote attackers to remove another user's favourite (starred) project settings.",Atlassian,"Crucible,Fisheye",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2019-12-11T00:00:00.000Z,0
CVE-2019-15008,https://securityvulnerability.io/vulnerability/CVE-2019-15008,Cross-Site Scripting Flaw in Atlassian Fisheye and Crucible Software,"The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible allows remote attackers to inject arbitrary HTML or JavaScript via the reviewedBranch parameter, a cross-site scripting (XSS) vulnerability.",Atlassian,"Crucible,Fisheye",6.1,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2019-12-11T00:00:00.000Z,0
CVE-2019-15007,https://securityvulnerability.io/vulnerability/CVE-2019-15007,Cross-Site Scripting Flaw in Atlassian Fisheye and Crucible,"Atlassian Fisheye and Crucible before version 4.7.3 allow remote attackers to inject arbitrary HTML or JavaScript via a crafted branch name, a cross-site scripting (XSS) vulnerability. An attacker who controls branch names in an indexed repository can therefore run script in other users' browsers. Update to 4.7.3 or later.",Atlassian,"Crucible,Fisheye",4.8,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2019-12-11T00:00:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,Authorization Bypass in Atlassian Troubleshooting and Support Tools Plugin,"The Atlassian Troubleshooting and Support Tools plugin before version 1.17.2 lacks an authorization check, allowing unprivileged users to initiate log scans and have application configuration details sent to a designated email address, exposing information about the application's setup and environment. The plugin ships with multiple Atlassian products, so every listed product needs the updated plugin.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-08T00:00:00.000Z,0
CVE-2018-20240,https://securityvulnerability.io/vulnerability/CVE-2018-20240,Cross-Site Scripting Vulnerability in the Atlassian Fisheye and Crucible Administrative Linker,"The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the href parameter. Update to 4.7.0 or later.",Atlassian,"Fisheye,Crucible",4.8,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2019-02-20T14:29:00.000Z,0
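The export above is a 21-column CSV whose quoted description fields can contain line breaks, and it carries no structured affected-version field: the fixed version only appears in the free text ("prior to 4.8.9", "update to version 4.8.4 or later"). The following Python is an added example, not part of the feed and not tooling from securityvulnerability.io. It parses the export with a real CSV reader, extracts the fixed version heuristically, refuses to guess when a description names several versions (as the Crucible DoS record does), and lists which records still apply to an installed Fisheye or Crucible build, ordered by CVSS score and then EPSS. SAMPLE_CSV is a constructed excerpt: the real header plus six rows from the page with their descriptions shortened.

```python
"""Triage helper for a securityvulnerability.io-style CVE export (added
example; not the feed's own tooling). Fixed-version extraction is a heuristic
over the free-text description and is deliberately conservative."""
import csv
import io
import re
from typing import NamedTuple

# Constructed excerpt of the feed: real header, six rows from the page with
# shortened descriptions. The second row keeps a newline inside its quoted
# description, as the raw export does.
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-43958,https://securityvulnerability.io/vulnerability/CVE-2021-43958,Missing Failed-Login Limits in Atlassian Fisheye and Crucible,"In versions prior to 4.8.9 of Atlassian Fisheye and Crucible, various REST resources did not enforce limits on failed login attempts.",Atlassian,"Fisheye,Crucible",9.8,CRITICAL,0.008139999583363533,false,,false,false,false,,,false,false,,2022-03-16T01:15:00.000Z,0
CVE-2020-29446,https://securityvulnerability.io/vulnerability/CVE-2020-29446,Insecure Direct Object Reference in Atlassian Fisheye and Crucible,"An IDOR in the WEB-INF directory enables remote attackers to access local files.
This exposure occurs in versions prior to 4.8.5.",Atlassian,"Fisheye,Crucible",5.3,MEDIUM,0.002309999894350767,false,,false,false,false,,,false,false,,2021-01-18T02:15:00.000Z,0
CVE-2020-29447,https://securityvulnerability.io/vulnerability/CVE-2020-29447,Denial of Service Vulnerability in Atlassian Crucible,"A flaw in the file upload request of Atlassian Crucible leads to a Denial of Service. This vulnerability affects Crucible versions prior to 4.7.4 and those between 4.8.0 and 4.8.4.",Atlassian,Crucible,4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2020-12-21T01:15:00.000Z,0
CVE-2020-14190,https://securityvulnerability.io/vulnerability/CVE-2020-14190,Regex Denial of Service Vulnerability in Atlassian Fisheye/Crucible,"Atlassian Fisheye/Crucible versions prior to 4.8.4 are susceptible to a Regex Denial of Service vulnerability via user-supplied regular expressions in EyeQL.",Atlassian,"Fisheye,Crucible",7.5,HIGH,0.002360000042244792,false,,false,false,false,,,false,false,,2020-11-25T23:15:00.000Z,0
CVE-2020-14192,https://securityvulnerability.io/vulnerability/CVE-2020-14192,Information Disclosure Vulnerability in Atlassian Fisheye and Crucible,"Improper handling of the x-asen response header allows remote attackers to obtain the product's SEN. To mitigate this risk, users are advised to update to version 4.8.4 or later.",Atlassian,"Fisheye,Crucible",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-02-02T00:15:00.000Z,0
CVE-2020-4023,https://securityvulnerability.io/vulnerability/CVE-2020-4023,Cross-Site Scripting Vulnerability in Atlassian Fisheye and Crucible,"A vulnerability in Atlassian Fisheye and Crucible allows remote attackers to inject arbitrary HTML or JavaScript via the committerFilter parameter.",Atlassian,"Crucible,Fisheye",5.4,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2020-06-01T07:15:00.000Z,0
"""

VERSION = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")


class Finding(NamedTuple):
    cve: str
    score: float
    epss: float
    fixed_in: str  # "" when no single fixed version could be extracted


def parse_version(text):
    """'4.8.9' -> (4, 8, 9), so comparisons are numeric (4.8.10 > 4.8.9)."""
    return tuple(int(part) for part in text.split("."))


def fixed_version(description):
    """Return the one fixed version a description names in a 'before X' /
    'prior to X' / 'version X or later' phrase, or "" when the description
    names no version or several (e.g. two affected ranges): that needs a human."""
    versions = set(VERSION.findall(description))
    if len(versions) != 1:
        return ""
    (version,) = versions
    phrase = re.compile(
        rf"(?:before|prior to)(?:\s+version)?\s+{re.escape(version)}\b"
        rf"|version\s+{re.escape(version)}\s+or later",
        re.IGNORECASE,
    )
    return version if phrase.search(description) else ""


def load_feed(text):
    """Parse the export into dicts keyed by the header, rejecting ragged records."""
    reader = csv.reader(io.StringIO(text))  # handles newlines inside quoted fields
    header = next(reader)
    records = []
    for number, fields in enumerate(reader, start=2):
        if not fields:
            continue
        if len(fields) != len(header):
            raise ValueError(f"record {number}: expected {len(header)} fields, got {len(fields)}")
        records.append(dict(zip(header, fields)))
    return records


def triage(text, product, installed):
    """Split the feed's records for `product` into (applicable, needs_review).

    applicable: extracted fixed version is newer than `installed`, sorted by
    CVSS score then EPSS, highest first. needs_review: no single fixed version
    could be extracted, so someone must read the advisory."""
    current = parse_version(installed)
    applicable, needs_review = [], []
    for record in load_feed(text):
        products = {p.strip() for p in record["products"].split(",")}
        if product not in products:
            continue
        fixed = fixed_version(record["description"])
        finding = Finding(record["cve"], float(record["score"]), float(record["epss"]), fixed)
        if not fixed:
            needs_review.append(finding)
        elif current < parse_version(fixed):
            applicable.append(finding)
    applicable.sort(key=lambda f: (f.score, f.epss), reverse=True)
    return applicable, needs_review


if __name__ == "__main__":
    todo, review = triage(SAMPLE_CSV, "Crucible", "4.8.4")
    for f in todo:
        print(f"PATCH  {f.cve}  cvss={f.score}  epss={f.epss:.4f}  fixed in {f.fixed_in}")
    for f in review:
        print(f"REVIEW {f.cve}  no single fixed version in description")
```

Two caveats when running this against the full feed: the fixed version must be the named product's version, and CVE-2019-15005 above gives a plugin version (1.17.2) instead, so plugin advisories need their own handling; and sorting by score then EPSS is a starting order, not a risk model, since the exploited, cisa and poc columns (all false for every row here) should outrank CVSS once any of them flips.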
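CVE-2020-29446 and CVE-2021-43957 above are the same WEB-INF file read twice: the second is a URL-encoding bypass of the first fix. The following Python is an added example, not Atlassian's code and not the actual exploit request, showing the failure mode in the abstract: a deny rule evaluated on the raw request path beside one evaluated after percent-decoding and path normalisation. The request paths in SAMPLE_PATHS are constructed illustrations.

```python
"""Why a WEB-INF deny rule must run after decoding and normalisation (added
example, not Atlassian's code). is_blocked_naive() inspects the path as
received; is_blocked_hardened() canonicalises it first and fails closed."""
import posixpath
from urllib.parse import unquote

PROTECTED_DIRS = {"WEB-INF", "META-INF"}


def is_blocked_naive(raw_path):
    """The 'before' rule: a substring check on the path exactly as received."""
    return "/WEB-INF/" in raw_path


def canonical_path(raw_path, max_rounds=3):
    """Percent-decode until the path stops changing (bounded: double encoding
    is unwrapped, an absurd stack of layers is rejected), reject NUL and
    backslashes, then collapse '.' and '..' segments under a single root."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in path or "\\" in path:
        raise ValueError("illegal character in path")
    # Strip leading slashes first: POSIX normpath leaves '//x' as '//x'.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_blocked_hardened(raw_path):
    """Deny if any segment of the canonical path is a protected directory
    (case-insensitively, for case-insensitive filesystems); anything that
    fails canonicalisation is denied as well."""
    try:
        path = canonical_path(raw_path)
    except ValueError:
        return True
    return any(segment.upper() in PROTECTED_DIRS for segment in path.split("/"))


# Constructed requests; only the first is caught by the naive rule.
SAMPLE_PATHS = [
    "/WEB-INF/web.xml",              # plain: both rules deny
    "/%57EB-INF/web.xml",            # 'W' percent-encoded: naive rule misses it
    "/static/..%2FWEB-INF/web.xml",  # encoded traversal out of an allowed directory
    "/%2557EB-INF/web.xml",          # double-encoded, for servers that decode twice
    "/static/app.js",                # legitimate request: both rules allow
]


def compare(paths=SAMPLE_PATHS):
    """Return (path, naive_blocked, hardened_blocked) for each request."""
    return [(p, is_blocked_naive(p), is_blocked_hardened(p)) for p in paths]


if __name__ == "__main__":
    for path, naive, hardened in compare():
        print(f"{path:32} naive={'deny' if naive else 'ALLOW'}  "
              f"hardened={'deny' if hardened else 'allow'}")
```

The bounded repeated decode errs toward denying, which is the right failure mode for a deny rule but means a file whose name literally contains a percent sequence that decodes to a protected name is refused; the cleaner fix in a servlet container is to apply the rule to the path the container has already decoded and normalised, so the check and the file lookup see the same string.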