CVSS: 9.8EPSS: 2%CPEs: 66EXPL: 0CVE-2017-5983
https://notcve.org/view.php?id=CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. El complemento de JIRA Workflow Designer en Atlassian JIRA Server en versiones anteriores a 6.3.0 utiliza incorrectamente un analizador y deserializador XML, que permite a atacantes remotos ejecutar código arbitrario, leer archivos arbitrarios o provocar una denegación de servicio a través de un objeto Java serializado. • http://codewhitesec.blogspot.com/2017/04/amf.html http://www.securityfocus.com/bid/97379 https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html https://jira.atlassian.com/browse/JRASERVER-64077 https://www.kb.cert.org/vuls/id/307983 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4318
https://notcve.org/view.php?id=CVE-2016-4318
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene XSS en project/ViewDefaultProjectRoleActors.jspa a través de un nombre de función. • http://www.securityfocus.com/bid/97516 https://confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016 https://jira.atlassian.com/browse/JRA-61861 https://jira.atlassian.com/browse/JRASERVER-61861 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4319
https://notcve.org/view.php?id=CVE-2016-4319
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. Atlassian JIRA Server en versiones anteriores a 7.1.9 tiene CSRF en auditoría/ajustes. • http://www.securityfocus.com/bid/97517 https://confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016 https://jira.atlassian.com/browse/JRA-61803 https://jira.atlassian.com/browse/JRASERVER-61803 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2016-6285
https://notcve.org/view.php?id=CVE-2016-6285
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Vulnerabilidad XSS en includes/decorators/global-translations.jsp en Atlassian JIRA en versiones anteriores a 7.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del encabezado HTTP Host. • http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2017/Jan/41 http://www.securityfocus.com/bid/95913 https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2 https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2016-6668
https://notcve.org/view.php?id=CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; pllugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo páginas no especificadas. • http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html http://www.securityfocus.com/archive/1/539530/100/0/threaded http://www.securityfocus.com/bid/93159 https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •