CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21703
https://notcve.org/view.php?id=CVE-2024-21703
27 Nov 2024 — This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Conflu... • https://jira.atlassian.com/browse/CONFSERVER-98413 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21697
https://notcve.org/view.php?id=CVE-2024-21697
19 Nov 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to l... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091 •
CVSS: 7.6EPSS: 40%CPEs: 2EXPL: 1CVE-2024-21689
https://notcve.org/view.php?id=CVE-2024-21689
20 Aug 2024 — This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Bamboo Data Center and Server customers upg... • https://github.com/salvadornakamura/CVE-2024-21689 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21684
https://notcve.org/view.php?id=CVE-2024-21684
24 Jul 2024 — There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for... • https://jira.atlassian.com/browse/BSERV-19454 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21687
https://notcve.org/view.php?id=CVE-2024-21687
16 Jul 2024 — This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute a different files already stored locally on the server which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user interaction.... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1417150917 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21686
https://notcve.org/view.php?id=CVE-2024-21686
16 Jul 2024 — This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable t... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1417150917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21685
https://notcve.org/view.php?id=CVE-2024-21685
18 Jun 2024 — This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 92%CPEs: 28EXPL: 7CVE-2024-21683 – Atlassian Confluence Administrator Code Macro Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-21683
21 May 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to d... • https://packetstorm.news/files/id/179507 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29461
https://notcve.org/view.php?id=CVE-2024-29461
12 Apr 2024 — An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. Un problema en Floodlight SDN OpenFlow Controller v.1.2 permite que un atacante remoto provoque una denegación de servicio a través del componente datapath id. • https://gist.github.com/ErodedElk/399a226905c574efe705e3bff77955e3 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-21677
https://notcve.org/view.php?id=CVE-2024-21677
19 Mar 2024 — This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your in... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1369444862 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •