CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2016-6668
https://notcve.org/view.php?id=CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; pllugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo páginas no especificadas. • http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html http://www.securityfocus.com/archive/1/539530/100/0/threaded http://www.securityfocus.com/bid/93159 https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-6342 – Atlassian Confluence 3.0 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-6342
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en logout.action en Confluence versión 3.4.6 de Atlassian, permite a los atacantes remotos secuestrar la autenticación de administradores para las peticiones que cierran la sesión del usuario por medio de un comentario. Atlassian Confluence version 3.0 suffers from multiple cross site request forgery vulnerabilities. The vendor has decided not to fix these issues. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0066.html http://packetstormsecurity.com/files/116829/Atlassian-Confluence-3.0-Cross-Site-Request-Forgery.html http://www.halock.com/blog/cve-2012-6342-atlassian-confluence-multiple-cross-site-request-forgery-csrf-vulnerabilities http://www.securityfocus.com/archive/1/524217/30/450/threaded https://jira.atlassian.com/browse/CONFSERVER-22784 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 1%CPEs: 29EXPL: 0CVE-2012-2928
https://notcve.org/view.php?id=CVE-2012-2928
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia.com/advisories/49166 http://www.securityfocus.com/bid/53595 https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 45%CPEs: 17EXPL: 1CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. Atlassian JIRA antes de v5.0.1; Confluence antes de v3.5.16, v4.0 antes de v4.0.7, y v4.1 antes del v4.1.10; 'FishEye and Crucible' antes de v2.5.8, v2.6 antes de v2.6.8, y v2.7 antes de v2.7.12; Bamboo antes de v3.3.4 y v3.4.x antes de v3.4.5, y Crowd antes de v2.0.9, v2.1 antes de v2.1.2, v2.2 antes de v2.2.9, v2.3 antes de v2.3.7 y v2.4 antes de v2.4.1 no restringen correctamente las capacidades de los analizadores XML de de terceros, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • https://www.exploit-db.com/exploits/37218 http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia&# •