Atlassian security advisories
8 threat alerts tracking vulnerabilities and security advisories that affect Atlassian products.
Vulnios monitors Atlassian CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Atlassian security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2012-2926 — atlassian — bamboo, confluence
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.
critical CVE-2012-2926
Critical Vulnerability: CVE-2017-14590 — atlassian — bamboo
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has
critical CVE-2017-14590
Critical Vulnerability: CVE-2017-14589 — atlassian — bamboo
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a
critical CVE-2017-14589
Critical Vulnerability: CVE-2017-14591 — atlassian — crucible, fisheye
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code
critical CVE-2017-14591
Critical Vulnerability: CVE-2017-14586 — atlassian — hipchat
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are a
critical CVE-2017-14586
Critical Vulnerability: CVE-2017-8768 — atlassian — sourcetree
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree:
critical CVE-2017-8768
Critical Vulnerability: CVE-2017-7357 — atlassian — hipchat_server
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
critical CVE-2017-7357
Critical Vulnerability: CVE-2017-5983 — atlassian — jira
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, o
critical CVE-2017-5983