cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21703,https://securityvulnerability.io/vulnerability/CVE-2024-21703,Confluence Data Center and Server Vulnerability,"This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).
This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.",Atlassian,"Confluence Data Center,Confluence Server",,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-27T17:00:01.507Z,0
CVE-2024-21697,https://securityvulnerability.io/vulnerability/CVE-2024-21697,"{""{\""text\"":\""High Sev RCE Vulnerability Affects Sourcetree for Mac and Windows\"",\""icon\"":\""⚠️\""}"",""{\""text\"":\""Upgrade to Latest Version to Mitigate Risk\"",\""icon\"":\""🔄\""}""}","A Remote Code Execution vulnerability exists in Sourcetree versions 4.2.8 for Mac and 3.4.19 for Windows, which enables an unauthenticated attacker to execute arbitrary code on the affected systems. This vulnerability has substantial implications, as it significantly compromises the confidentiality, integrity, and availability of the affected products. User interaction is required, which increases the risk of exploitation in environments where users may unknowingly initiate the attack vector. Atlassian strongly advises all users to upgrade to patched versions: Sourcetree for Mac should be updated to version 4.2.9 or higher, while Sourcetree for Windows should be updated to version 3.4.20 or higher to mitigate potential risks.",Atlassian,"Sourcetree For Mac,Sourcetree For Windows",8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-19T19:00:00.635Z,0
CVE-2024-21690,https://securityvulnerability.io/vulnerability/CVE-2024-21690,High Severity Reflected XSS and CSRF Vulnerability Affects Atlassian Confluence Products,"The vulnerability allows unauthenticated attackers to execute arbitrary HTML or JavaScript code in the browser of a victim user. This gained access permits attackers to trigger unwanted actions in web applications where the user is currently authenticated, posing significant risks to user confidentiality.
The flaw is linked to certain versions of Atlassian Confluence Data Center and Server, which span across major version releases from 7.19.x to 8.9.x. Users are advised to upgrade to specified fixed versions to mitigate potential exploitation. Refer to the release notes for more detailed guidance on upgrading.",Atlassian,"Confluence Data Center,Confluence Server",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-21T16:05:00.394Z,0
CVE-2024-21689,https://securityvulnerability.io/vulnerability/CVE-2024-21689,High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions,"A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0, allowing an authenticated attacker to execute arbitrary code. This vulnerability directly impacts confidentiality, integrity, and availability. User interaction is required for exploitation, which underscores the importance of actively maintaining up-to-date software. Users are strongly advised to upgrade to supported fixed versions, specifically Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and through their release notes.",Atlassian,"Bamboo Data Center,Bamboo Server",7.6,HIGH,0.0004299999854993075,false,false,false,true,true,false,false,2024-08-20T10:00:00.967Z,0
CVE-2024-21684,https://securityvulnerability.io/vulnerability/CVE-2024-21684,Low Severity Open Redirect Vulnerability Affects Bitbucket Data Center,"There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2.
This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.",Atlassian,Bitbucket Data Center,3.1,LOW,0.0006099999882280827,false,false,false,false,,false,false,2024-07-24T18:00:01.656Z,0
CVE-2024-21687,https://securityvulnerability.io/vulnerability/CVE-2024-21687,File Inclusion Vulnerability in Bamboo Data Center and Server by Atlassian,"A file inclusion vulnerability was identified in versions 9.0.0 to 9.6.0 of Bamboo Data Center and Server. An authenticated attacker can exploit this vulnerability to manipulate the application into accessing and displaying the contents of local files on the server. The potential consequences include significant risks to confidentiality and integrity of sensitive data, while availability remains unaffected. No user interaction is needed for an attack to succeed. Atlassian advises users to promptly update to the latest version or to one of the mentioned supported fixed versions. Detailed upgrade instructions can be found in the Bamboo release notes and the official download center.",Atlassian,"Bamboo Data Center,Bamboo Server",8.1,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-07-16T21:15:00.000Z,0
CVE-2024-21686,https://securityvulnerability.io/vulnerability/CVE-2024-21686,Stored XSS Vulnerability in Confluence Data Center and Server by Atlassian,"A stored cross-site scripting (XSS) vulnerability has been identified in Confluence Data Center and Server, affecting versions 7.13 and earlier.
This vulnerability allows an authenticated attacker to inject and execute arbitrary HTML or JavaScript code in the context of a victim's browser. The exploitation of this vulnerability poses significant risks to the confidentiality and integrity of user data, necessitating immediate attention from affected users. Atlassian advises all customers running vulnerable versions to upgrade to the latest version. For users unable to upgrade, migrating to one of the specified fixed versions is strongly recommended. More details and release notes can be found in Atlassian's documentation.",Atlassian,"Confluence Data Center,Confluence Server",7.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T20:15:00.000Z,0
CVE-2024-21685,https://securityvulnerability.io/vulnerability/CVE-2024-21685,"High Severity Information Disclosure Vulnerability Affects Jira Core Data Center Versions 9.4.0, 9.12.0, and 9.15.0","A significant information disclosure vulnerability has been identified in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This flaw enables unauthenticated attackers to access sensitive data, raising serious concerns regarding confidentiality. Notably, the vulnerability does not compromise the integrity or availability of the system; however, it requires user interaction to exploit. Atlassian advises all Jira Core Data Center users to upgrade to the latest version to mitigate this risk. If upgrading is not immediately possible, users should update to one of the specified fixed versions: Jira Core Data Center 9.4 (greater than or equal to 9.4.21), 9.12 (greater than or equal to 9.12.8), or 9.16 (greater than or equal to 9.16.0).
For further insights, please refer to the detailed release notes and download the latest version from Atlassian's official download center.",Atlassian,Jira Core Data Center,7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-18T17:00:00.783Z,0
CVE-2024-21676,https://securityvulnerability.io/vulnerability/CVE-2024-21676,High Severity Injection Vulnerability Affects Confluence Data Center,"A recent publication regarding a vulnerability in Atlassian software products has been retracted, citing reasons suggesting it may have been a false positive or error. This incident highlights the importance of vigilant assessment and verification within cybersecurity frameworks to ensure accurate threat identification. Stakeholders are encouraged to stay informed about updates from Atlassian and to continuously evaluate their security measures in light of new findings.",Atlassian,Confluence Data Center,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T17:00:00.752Z,0
CVE-2024-21677,https://securityvulnerability.io/vulnerability/CVE-2024-21677,"High Severity Path Traversal Vulnerability Affects Confluence Data Center, Upgrade Recommended","The CVE-2024-21677 is a high severity Path Traversal vulnerability affecting Atlassian's Confluence Data Center and Server. It was introduced in version 6.13.0 and has a CVSS score of 8.3. The vulnerability allows an unauthenticated attacker to exploit it, impacting confidentiality, integrity, and availability. Atlassian recommends upgrading to the latest version or to a supported fixed version to address this vulnerability.
There is no indication of exploitation by ransomware groups at this time.",Atlassian,Confluence Data Center,8.3,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-03-19T17:00:00.486Z,0
CVE-2024-21678,https://securityvulnerability.io/vulnerability/CVE-2024-21678,Stored XSS Vulnerability in Confluence Data Center by Atlassian,"A Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center, allowing an authenticated attacker to execute arbitrary HTML or JavaScript code in the context of a victim's browser. This vulnerability potentially compromises user confidentiality, affecting data privacy and security. The issue has been reported through Atlassian's Bug Bounty program, prompting the vendor to recommend immediate upgrades to fixed versions to mitigate risks. Users are strongly advised to update to the latest available versions to protect against possible exploits.",Atlassian,Confluence Data Center,8.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-20T18:00:00.727Z,0
CVE-2024-21682,https://securityvulnerability.io/vulnerability/CVE-2024-21682,High Severity Injection Vulnerability Affects Assets Discovery 1.0 - 6.2.0 (All Versions),"A significant injection vulnerability has been identified in the Assets Discovery tool from Atlassian, affecting all versions from 1.0 to 6.2.0. This vulnerability allows an authenticated attacker to alter system calls, potentially compromising the integrity, confidentiality, and availability of the system without user interaction. Assets Discovery is a crucial network scanning tool utilized with Jira Service Management, which aids in identifying and managing hardware and software within a local network. To mitigate risks associated with this vulnerability, Atlassian advises customers to upgrade to the latest version of Assets Discovery.
Information about supported fixed versions and the upgrade procedure can be found in the release notes and the Atlassian Marketplace.",Atlassian,Assets Discovery Data Center,7.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-02-20T18:00:00.699Z,0
CVE-2024-21673,https://securityvulnerability.io/vulnerability/CVE-2024-21673,Remote Code Execution Vulnerability in Confluence Data Center and Server by Atlassian,"A notable Remote Code Execution (RCE) vulnerability has been identified in Atlassian's Confluence Data Center and Server, originating from versions 7.13.0 and onwards. This vulnerability allows authenticated attackers to execute arbitrary code remotely, leading to severe risks regarding the confidentiality, integrity, and availability of the affected systems. Notably, the intrusion does not necessitate user interaction, which heightens the risk of unauthorized access to sensitive assets. To mitigate these risks, users are strongly advised to upgrade to the latest supported versions of Confluence, namely 7.19.18 or higher for the 7.19 series, 8.5.5 or higher for the 8.5 series, and 8.7.2 or higher for the 8.7 series. Further details can be found in the Atlassian release notes.",Atlassian,"Confluence Data Center,Confluence Server",8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-01-16T05:00:00.724Z,0
CVE-2024-21672,https://securityvulnerability.io/vulnerability/CVE-2024-21672,Remote Code Execution Vulnerability in Atlassian Confluence Data Center and Server,"A remote code execution vulnerability exists within Atlassian Confluence Data Center and Server, initially introduced in version 2.1.0. This flaw permits an unauthenticated attacker to exploit exposed assets in the affected environment, posing significant risks to confidentiality, integrity, and availability. The vulnerability necessitates user interaction to trigger the exploit, emphasizing the importance of prompt action.
Atlassian recommends upgrading to the latest version or specific supported fixed versions for enhanced security. Users of the Confluence Data Center and Server should prioritize these upgrades to mitigate potential security risks.",Atlassian,"Confluence Data Center,Confluence Server",8.3,HIGH,0.0019000000320374966,false,false,false,true,true,false,false,2024-01-16T05:00:00.703Z,0
CVE-2023-22527,https://securityvulnerability.io/vulnerability/CVE-2023-22527,Unauthorized Remote Code Execution Vulnerability Affects Older Versions of Confluence,"A template injection vulnerability exists in older versions of Confluence Data Center and Server, allowing unauthenticated attackers to execute remote code on affected instances. This vulnerability underscores the necessity for users to upgrade to the most recent supported versions, which have been patched against such vulnerabilities. Atlassian has strongly advised customers to promptly apply security updates as outlined in their January Security Bulletin to protect against potential threats. Maintaining an up-to-date environment is crucial to ensure system integrity and safeguard against emerging security risks.",Atlassian,"Confluence Data Center,Confluence Server",9.8,CRITICAL,0.9722899794578552,true,true,true,true,true,true,true,2024-01-16T05:00:00.692Z,19235
CVE-2024-21674,https://securityvulnerability.io/vulnerability/CVE-2024-21674,Remote Code Execution Vulnerability in Confluence Data Center and Server by Atlassian,"A Remote Code Execution vulnerability exists within Atlassian's Confluence Data Center and Server, introduced in version 7.13.0. This flaw enables unauthenticated attackers to execute arbitrary code, potentially exposing sensitive assets within a user's environment. The vulnerability predominantly affects confidentiality, leaving integrity and availability intact, and does not require any user interaction for exploitation.
To mitigate risks associated with CVE-2024-21674, it is crucial for users to upgrade to specific versions as recommended by Atlassian, ensuring their systems are safeguarded against potential threats.",Atlassian,"Confluence Data Center,Confluence Server",7.5,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2024-01-16T05:00:00.639Z,0
CVE-2023-22526,https://securityvulnerability.io/vulnerability/CVE-2023-22526,Remote Code Execution Vulnerability in Atlassian Confluence Data Center,"A significant Remote Code Execution (RCE) vulnerability exists in specific versions of Atlassian Confluence Data Center, which allows authenticated attackers to execute arbitrary code without requiring user interaction. This vulnerability poses substantial risks to the confidentiality, integrity, and availability of affected systems. Users are strongly advised to upgrade to the latest versions or the specified fixed releases to mitigate potential threats. More information on the latest upgrades can be found through the Atlassian release notes.",Atlassian,Confluence Data Center,8.8,HIGH,0.0016400000313296914,false,false,false,false,,false,false,2024-01-16T05:00:00.597Z,0
CVE-2023-22524,https://securityvulnerability.io/vulnerability/CVE-2023-22524,Remote Code Execution Vulnerability in Atlassian Companion App for MacOS,"Certain versions of the Atlassian Companion App for MacOS are susceptible to a remote code execution vulnerability. This issue arises from the application’s handling of WebSockets, enabling attackers to circumvent blocklist protections and bypass MacOS Gatekeeper. Consequently, this could lead to unauthorized code execution on the affected systems.
Users of the affected versions are advised to apply necessary updates to mitigate the risk associated with this vulnerability.",Atlassian,Companion for Mac,9.6,CRITICAL,0.0038900000508874655,false,true,false,true,true,false,false,2023-12-06T05:15:00.000Z,0
CVE-2023-22522,https://securityvulnerability.io/vulnerability/CVE-2023-22522,Template Injection Vulnerability in Atlassian Confluence Server and Data Center,"A Template Injection vulnerability exists in Atlassian Confluence which allows an authenticated user, even with anonymous access, to inject harmful user input into Confluence pages. This can lead to Remote Code Execution (RCE), putting affected instances at risk. Notably, Confluence Data Center and Server versions are susceptible, while Atlassian Cloud sites are not impacted by this issue. Administrators should evaluate their environments and apply the necessary patches as per the provided advisory for enhanced security.",Atlassian,"Confluence Data Center,Confluence Server",9,CRITICAL,0.0020000000949949026,false,true,false,true,,false,false,2023-12-06T05:15:00.000Z,0
CVE-2023-22523,https://securityvulnerability.io/vulnerability/CVE-2023-22523,Potential Remote Code Execution Vulnerability in Assets Discovery Application,"A remote code execution vulnerability has been identified in the Assets Discovery application, which can be exploited by attackers to execute arbitrary code on systems where the Assets Discovery agent is installed. This vulnerability arises from an insecure interaction between the Assets Discovery application and its agent, potentially allowing unauthorized access to control system functionalities. It is crucial for users to apply the necessary patches to mitigate the risks associated with this security flaw.
For detailed guidance, please refer to Atlassian's security documentation.",Atlassian,"Assets Discovery Cloud,Assets Discovery Data Center",9.8,CRITICAL,0.001610000035725534,false,false,false,false,,false,false,2023-12-06T05:15:00.000Z,0
CVE-2023-22516,https://securityvulnerability.io/vulnerability/CVE-2023-22516,Remote Code Execution Vulnerability in Bamboo Data Center and Server by Atlassian,"A Remote Code Execution vulnerability has been identified in Bamboo Data Center and Server versions 8.1.0 through 9.3.0, allowing authenticated attackers to execute arbitrary code without user interaction. This vulnerability poses significant risks, affecting confidentiality, integrity, and availability. It is crucial for users on affected versions to upgrade immediately to the latest release or a specified fixed version to mitigate potential exploitation. For guidance on upgrades, please refer to Atlassian's official documentation.",Atlassian,"Bamboo Data Center,Bamboo Server",8.5,HIGH,0.0017900000093504786,false,false,false,false,,false,false,2023-11-21T18:15:00.000Z,0
CVE-2023-22521,https://securityvulnerability.io/vulnerability/CVE-2023-22521,Remote Code Execution Vulnerability in Crowd Data Center and Server by Atlassian,"A Remote Code Execution vulnerability was identified in Crowd Data Center and Server, specifically from version 3.4.6. An authenticated attacker can exploit this vulnerability to execute arbitrary code, jeopardizing the confidentiality, integrity, and availability of affected systems. This exploit does not require user interaction, which heightens its potential impact. Users are urged to upgrade to the latest version to mitigate this risk. Recommended fixed versions include Crowd Data Center and Server 3.4 upgrades from 5.1.6 or above, and for 5.2, upgrades from 5.2.1 or above.
Detailed release notes and downloads are available on Atlassian’s official pages.",Atlassian,"Crowd Data Center,Crowd Server",8.8,HIGH,0.0017900000093504786,false,false,false,false,,false,false,2023-11-21T18:15:00.000Z,0
CVE-2023-22518,https://securityvulnerability.io/vulnerability/CVE-2023-22518,"Unexploited Vulnerability Affects Confluence Data Center and Server, Leading to Full Loss of Confidentiality, Integrity, and Availability","A significant vulnerability affecting all versions of Atlassian Confluence Data Center and Server allows unauthenticated attackers to exploit an improper authorization flaw. This vulnerability enables the creation of a Confluence instance administrator account, granting unauthorized users extensive administrative privileges. Once access is obtained, attackers can execute a variety of administrative actions within the affected system. The implications of this vulnerability are severe, potentially resulting in a complete compromise of confidentiality, integrity, and availability of the Confluence environment. It is crucial to note that sites hosted on atlassian.net are not affected by this risk.",Atlassian,"Confluence Data Center,Confluence Server",9.8,CRITICAL,0.9694100022315979,true,true,true,true,true,false,false,2023-10-31T15:15:00.000Z,0
CVE-2023-22515,https://securityvulnerability.io/vulnerability/CVE-2023-22515,"Unknown Vulnerability Affects Confluence instances, External Attackers May Create Unauthorized Admin Accounts","Atlassian has identified a vulnerability in its Confluence Data Center and Server products that allows external attackers to create unauthorized administrator accounts. This issue could enable malicious actors to gain unrestricted access to Confluence instances that are publicly accessible. It is important to note that Confluence Cloud sites, hosted under an atlassian.net domain, remain unaffected by this vulnerability.
Organizations using the affected versions should address this security risk promptly to safeguard their data.",Atlassian,"Confluence Data Center,Confluence Server",9.8,CRITICAL,0.969730019569397,true,true,true,true,true,false,false,2023-10-04T14:15:00.000Z,0
CVE-2023-22513,https://securityvulnerability.io/vulnerability/CVE-2023-22513,Remote Code Execution Vulnerability in Bitbucket Data Center and Server by Atlassian,"A critical Remote Code Execution vulnerability was identified in Bitbucket Data Center and Server starting from version 8.0.0. This security issue permits an authenticated attacker to execute arbitrary code without user interaction, threatening the confidentiality, integrity, and availability of the affected systems. Users are urged to upgrade to the latest version or one of the supported fixed releases to mitigate potential risks. More details can be found in Atlassian's release notes for Bitbucket.",Atlassian,"Bitbucket Data Center,Bitbucket Server",8.8,HIGH,0.001500000013038516,false,false,false,false,,false,false,2023-09-19T17:15:00.000Z,0