    107 vulnerabilities found for Crucible by Atlassian

    VAR-201008-0298

    Vulnerability from variot - Updated: 2025-04-11 23:10

    The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

    The OGNL expression evaluation in XWork, as used by Apache Struts in multiple products, contains a vulnerability that bypasses the "#" protection mechanism in ParameterInterceptors.

    XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. This issue is related to the vulnerability documented in BID 32101 (XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete.

    The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.

    Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.

    Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

    TITLE: XWork "ParameterInterceptor" Security Bypass Vulnerability

    SECUNIA ADVISORY ID: SA40558

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40558

    RELEASE DATE: 2010-07-13

    DESCRIPTION: A vulnerability has been reported in XWork, which can be exploited by malicious people to bypass certain security restrictions.

    The vulnerability is caused due to the "ParameterInterceptor" class improperly restricting access to server-side objects. This can be exploited to modify server-side objects and e.g.

    This is related to: SA32495

    SOLUTION: Filter malicious characters and character sequences using a proxy.

    PROVIDED AND/OR DISCOVERED BY: Meder Kydyraliev, Google Security Team

    ORIGINAL ADVISORY: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

                   VMware Security Advisory
    

    Advisory ID: VMSA-2011-0005
    Synopsis: VMware vCenter Orchestrator remote code execution vulnerability
    Issue date: 2011-03-14
    Updated on: 2011-03-14 (initial release of advisory)
    CVE numbers: CVE-2010-1870


    1. Summary

    A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.

    2. Relevant releases

    VMware vCenter Orchestrator 4.1
    VMware vCenter Orchestrator 4.0

    3. Problem Description

      VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component.

      The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.

      VMware would like to thank the Vulnerability Research Team of Digital Defense, Inc. for reporting this issue to us.

      Apache Struts version 2.0.11 and earlier also contain vulnerabilities which have not been assigned CVE names. This advisory also addresses these vulnerabilities described at the following URLs:

      • http://struts.apache.org/2.2.1/docs/s2-002.html
      • http://struts.apache.org/2.2.1/docs/s2-003.html
      • http://struts.apache.org/2.2.1/docs/s2-004.html

      Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

      VMware         Product   Running   Replace with/
      Product        Version   on        Apply Patch
      =============  ========  =======   =================
      vCO            4.1       Windows   vCO fix for Apache Struts *
      vCO            4.0       Windows   vCO fix for Apache Struts *

      * Refer to VMware Knowledge Base article 1034175 for a workaround.

    4. Solution

      VMware vCenter Orchestrator

      vCenter Orchestrator workaround for Apache Struts http://kb.vmware.com/kb/1034175

    5. References

    CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870


    6. Change log

    2011-03-14 VMSA-2011-0005 Initial security advisory in conjunction with the release of an Apache Struts workaround for VMware vCenter Orchestrator on 2011-03-14.


    7. Contact

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    • security-announce at lists.vmware.com
    • bugtraq at securityfocus.com
    • full-disclosure at lists.grok.org.uk

    E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Advisories http://www.vmware.com/security/advisories

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2011 VMware Inc. All rights reserved.

    For more information: SA40558

    SOLUTION: Update to FishEye 2.3.3 and Crucible 2.3.3 or apply patches.

    For more information: SA40558

    SOLUTION: Fixed in the SVN repository.

    Document Title:

    ===============

    LISTSERV Maestro Remote Code Execution Vulnerability

    References (Source):

    ====================

    https://www.securifera.com/advisories/sec-2020-0001/

    https://www.lsoft.com/products/maestro.asp

    Release Date:

    =============

    2020-10-20

    Product & Service Introduction:

    ===============================

    LISTSERV Maestro is an enterprise email marketing solution and allows you to easily engage your subscribers with targeted, intelligence-based opt-in campaigns. It offers easy tracking, reporting and list segmentation in a complete email marketing and analytics package.

    Vulnerability Information:

    ==============================

    Class: CWE-917 : Expression Language (EL) Injection

    Impact: Remote Code Execution

    Remotely Exploitable: Yes

    Locally Exploitable: Yes

    CVE Name: CVE-2010-1870

    Vulnerability Description:

    ==============================

    An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems from a known issue in Struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux versions of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTSERV Maestro services.

    Vulnerability Disclosure Timeline:

    ==================================

    2020-10-12: Contact Vendor and Request Security Contact Info From Support Team

    2020-10-12: Report Vulnerability Information to Vendor

    2020-10-12: Vendor Confirms Submission

    2020-10-13: Vendor Releases Patch

    2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates CVE-2010-1870 but suggests upgrading the vulnerable Struts library

    2020-10-15: Vendor Approves Public Disclosure

    Affected Product(s):

    ====================

    LISTSERV Maestro 9.0-8 and prior

    Severity Level:

    ===============

    High

    Proof of Concept (PoC):

    =======================

    A proof of concept will not be provided at this time.

    Solution - Fix & Patch:

    =======================

    Temporary patch: https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip

    Security Risk:

    ==============

    The security risk of this remote code execution vulnerability is estimated as high. (CVSS 10.0)

    Credits & Authors:

    ==================

    Securifera, Inc - b0yd (@rwincey)

    Disclaimer & Information:

    =========================

    The information provided in this advisory is provided as it is without any warranty. Securifera disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Securifera is not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Securifera or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, or hack into any systems.

    Domains: www.securifera.com

    Contact: contact [at] securifera [dot] com

    Social: twitter.com/securifera

    Copyright © 2020 | Securifera, Inc

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0298",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.0.0 to  2.1.8.1"
          },
          {
            "model": "alive enterprise",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "7.2"
          },
          {
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "4.0 (windows)"
          },
          {
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "4.1 (windows)"
          },
          {
            "model": "business edition 3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "identity services engine",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "media experience engine",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "3500"
          },
          {
            "model": "unified contact center enterprise",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.1.5"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.1"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.6"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.5"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.4"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.3"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.2"
          },
          {
            "model": "xwork",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opensymphony",
            "version": "2.0.1"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "fisheye",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.3.4"
          },
          {
            "model": "fisheye",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.2.3"
          },
          {
            "model": "crucible",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.3.2"
          },
          {
            "model": "crucible",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.2.3"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "model": "software foundation archiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3.4"
          },
          {
            "model": "software foundation archiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3.3"
          },
          {
            "model": "software foundation archiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3.1"
          },
          {
            "model": "software foundation archiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3.5"
          },
          {
            "model": "software foundation archiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3"
          },
          {
            "model": "media experience engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "56001.0"
          },
          {
            "model": "fisheye",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.3.1"
          },
          {
            "model": "crucible",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.3.3"
          },
          {
            "model": "software foundation struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "41592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:struts",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:vmware:alive_enterprise",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:vmware:vcenter_orchestrator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:business_edition_3000",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:identity_services_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:media_experience_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:cisco:unified_contact_center_enterprise",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "b0yd",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2010-1870",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-1870",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-1870",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-1870",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201008-173",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-1870",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. XWork in Apache Struts, which is used in multiple products, contains a vulnerability in OGNL expression evaluation that bypasses the \"#\" protection mechanism of ParameterInterceptors. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAttackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. \nThis issue is related to the vulnerability documented in BID 32101 (XWork \u0027ParameterInterceptor\u0027 Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. \n\nCisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options. 
\n\nCisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ----------------------------------------------------------------------\n\nTITLE:\nXWork \"ParameterInterceptor\" Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40558/\n\nRELEASE DATE:\n2010-07-13\n\nDESCRIPTION:\nA vulnerability has been reported in XWork, which can be exploited by\nmalicious people to bypass certain security restrictions. \n\nThe vulnerability is caused due to the \"ParameterInterceptor\" class\nimproperly restricting access to server-side objects. This can be\nexploited to modify server-side objects and e.g. 
\n\nThis is related to:\nSA32495\n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nMeder Kydyraliev, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0005\nSynopsis:          VMware vCenter Orchestrator remote code execution\n                   vulnerability\nIssue date:        2011-03-14\nUpdated on:        2011-03-14 (initial release of advisory)\nCVE numbers:       CVE-2010-1870\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   A vulnerability in VMware vCenter Orchestrator(vCO) could allow\n   remote execution. \n\n2. Relevant releases\n\n   VMware vCenter Orchestrator 4.1\n   VMware vCenter Orchestrator 4.0\n\n3. Problem Description\n\n    VMware vCenter Orchestrator is an application to automate\n    management tasks. It embeds Apache Struts (version 2.0.11) which is\n    a third party component. \n\n    The following vulnerability has been reported in Apache Struts\n    2.0.11 or earlier. A remote execution of code vulnerability could\n    allow malicious users to bypass the \u0027#\u0027-usage protection built into\n    the ParametersInterceptor, which could allow server side context\n    objects to be manipulated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1870 to this vulnerability. \n\n    VMware would like to thank the Vulnerability Research Team of\n    Digital Defense, Inc. for reporting this issue to us. \n\n    Apache Struts version 2.0.11 and earlier also contain\n    vulnerabilities which have not been assigned CVE names.  
This\n    advisory also addresses these vulnerabilities described at the\n    following URLs:\n\n    * http://struts.apache.org/2.2.1/docs/s2-002.html\n    * http://struts.apache.org/2.2.1/docs/s2-003.html\n    * http://struts.apache.org/2.2.1/docs/s2-004.html\n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCO            4.1       Windows  vCO fix for Apache Struts *\n    vCO            4.0       Windows  vCO fix for Apache Struts *\n\n    * Refer to VMware Knowledge Base article 1034175 for a workaround. \n\n4. Solution\n\n    Vmware vCenter Orchestrator\n    ---------------------------\n    vCenter Orchestrator workaround for Apache Struts\n    http://kb.vmware.com/kb/1034175\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-03-14  VMSA-2011-0005\nInitial security advisory in conjunction with the release of an Apache\nStruts workaround for VMware vCenter Orchestrator on 2011-03-14. \n\n- ------------------------------------------------------------------------\n\n7. 
Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n. \n\nFor more information:\nSA40558\n\nSOLUTION:\nUpdate to FishEye 2.3.3 and Crucible 2.3.3 or apply patches. \n\nFor more information:\nSA40558\n\nSOLUTION:\nFixed in the SVN repository. Document Title:\n\n===============\n\nLISTSERV Maestro Remote Code Execution Vulnerability\n\n \n\nReferences (Source):\n\n====================\n\nhttps://www.securifera.com/advisories/sec-2020-0001/\n\nhttps://www.lsoft.com/products/maestro.asp\n\n \n\nRelease Date:\n\n=============\n\n2020-10-20\n\n \n\nProduct \u0026 Service Introduction:\n\n===============================\n\nLISTSERV Maestro is an enterprise email marketing solution and allows you to\neasily engage your subscribers with targeted, intelligence-based opt-in\ncampaigns. 
It offers easy tracking, reporting and list segmentation in a\ncomplete email marketing and analytics package. \n\n \n\n \n\nVulnerability Information:\n\n==============================\n\nClass: CWE-917 : Expression Language (EL) Injection\n\nImpact: Remote Code Execution\n\nRemotely Exploitable: Yes\n\nLocally Exploitable: Yes\n\nCVE Name: CVE-2010-1870\n\n \n\nVulnerability Description:\n\n==============================\n\nAn unauthenticated remote code execution vulnerability was found in the\nLISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems\nfrom a known issue in Struts, CVE-2010-1870, that allows for code execution\nvia OGNL Injection. This vulnerability has been confirmed to be exploitable\nin both the Windows and Linux versions of the software and has existed in the\nLISTSERV Maestro software since at least version 8.1-5.  As a result, a\nspecially crafted HTTP request can be constructed that executes code in the\ncontext of the web application. Exploitation of this vulnerability does not\nrequire authentication and can lead to root level privilege on any system\nrunning the LISTSERV Maestro services. \n\n \n\nVulnerability Disclosure Timeline:\n\n==================================\n\n2020-10-12: Contact Vendor and Request Security Contact Info From Support\nTeam\n\n2020-10-12: Report Vulnerability Information to Vendor\n\n2020-10-12: Vendor Confirms Submission\n\n2020-10-13: Vendor Releases Patch\n\n2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates\nCVE-2010-1870 but suggests upgrading vulnerable Struts library\n\n2020-10-15: Vendor Approves Public Disclosure\n\n \n\n \n\nAffected Product(s):\n\n====================\n\nLISTSERV Maestro 9.0-8 and prior\n\n \n\nSeverity Level:\n\n===============\n\nHigh\n\n \n\nProof of Concept (PoC):\n\n=======================\n\nA proof of concept will not be provided at this time. 
\n\n \n\nSolution - Fix \u0026 Patch:\n\n=======================\n\nTemporary patch:\nhttps://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip\n\n \n\nSecurity Risk:\n\n==============\n\nThe security risk of this remote code execution vulnerability is estimated\nas high. (CVSS 10.0)\n\n \n\nCredits \u0026 Authors:\n\n==================\n\nSecurifera, Inc - b0yd (@rwincey)\n\n \n\nDomains: www.securifera.com\n\nContact: contact [at] securifera [dot] com\n\nSocial: twitter.com/securifera\n\n \n\nCopyright C 2020 | Securifera, Inc\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "BID",
            "id": "41592"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "db": "PACKETSTORM",
            "id": "91733"
          },
          {
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "db": "PACKETSTORM",
            "id": "91735"
          },
          {
            "db": "PACKETSTORM",
            "id": "91732"
          },
          {
            "db": "PACKETSTORM",
            "id": "159643"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=14360",
            "trust": 0.2,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-1870",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "41592",
            "trust": 2.8
          },
          {
            "db": "OSVDB",
            "id": "66280",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "159643",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "59110",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "14360",
            "trust": 1.7
          },
          {
            "db": "SREASON",
            "id": "8345",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "40558",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "40576",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "40575",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1870",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "127408",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "91733",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "99317",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "91735",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "91732",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "BID",
            "id": "41592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "db": "PACKETSTORM",
            "id": "91733"
          },
          {
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "db": "PACKETSTORM",
            "id": "91735"
          },
          {
            "db": "PACKETSTORM",
            "id": "91732"
          },
          {
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "id": "VAR-201008-0298",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.29166666
      },
      "last_update_date": "2025-04-11T23:10:07.830000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2010-1870: Struts2 remote commands execution",
            "trust": 0.8,
            "url": "http://archiva.apache.org/security.html"
          },
          {
            "title": "S2-005",
            "trust": 0.8,
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "title": "cisco-sa-20140709-struts2",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
          },
          {
            "title": "VMSA-2011-0005",
            "trust": 0.8,
            "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0005.html"
          },
          {
            "title": "cisco-sa-20140709-struts2",
            "trust": 0.8,
            "url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122766_cisco-sa-20140709-struts2-j.html"
          },
          {
            "title": "struts2-2.2.1-lib",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40173"
          },
          {
            "title": "struts2-2.2.1-apps",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40172"
          },
          {
            "title": "struts2-2.2.1-all",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40171"
          },
          {
            "title": "struts2-2.2.1-src",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40175"
          },
          {
            "title": "struts2-2.2.1-docs",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40174"
          },
          {
            "title": "Cisco: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20140709-struts2"
          },
          {
            "title": "VMware Security Advisories: VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=491bec6555e9512a68aa300b151531ed"
          },
          {
            "title": "Struts2_Bugs",
            "trust": 0.1,
            "url": "https://github.com/fupinglee/Struts2_Bugs"
          },
          {
            "title": "vulmap",
            "trust": 0.1,
            "url": "https://github.com/zhzyker/vulmap"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2014/07/14/apache_patch_cisco_catches_up_with_ancient_struts2_vuln/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/41592"
          },
          {
            "trust": 2.3,
            "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/159643/listserv-maestro-9.0-8-remote-code-execution.html"
          },
          {
            "trust": 2.1,
            "url": "http://confluence.atlassian.com/display/fisheye/fisheye+security+advisory+2010-06-16"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2020/oct/23"
          },
          {
            "trust": 1.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140709-struts2"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2010/jul/183"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/59110"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/8345"
          },
          {
            "trust": 1.7,
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/14360"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/66280"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1870"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1870"
          },
          {
            "trust": 0.8,
            "url": "http://osvdb.org/66280"
          },
          {
            "trust": 0.4,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=956389"
          },
          {
            "trust": 0.3,
            "url": "http://www.opensymphony.com/xwork/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1870"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/company/jobs/open_positions/talented_programmer"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/struts-cve-2010-1870"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=21731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/14360/"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/multi/http/struts_code_exec"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40558/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40558/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1034175"
          },
          {
            "trust": 0.1,
            "url": "http://struts.apache.org/2.2.1/docs/s2-003.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1055"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://struts.apache.org/2.2.1/docs/s2-002.html"
          },
          {
            "trust": 0.1,
            "url": "http://struts.apache.org/2.2.1/docs/s2-004.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40576/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40576"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40576/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40575/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40575/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40575"
          },
          {
            "trust": 0.1,
            "url": "https://dropbox.lsoft.us/download/lma9.0-8-patch-2020-10-13.zip"
          },
          {
            "trust": 0.1,
            "url": "https://www.lsoft.com/products/maestro.asp"
          },
          {
            "trust": 0.1,
            "url": "https://www.securifera.com/advisories/sec-2020-0001/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "BID",
            "id": "41592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "db": "PACKETSTORM",
            "id": "91733"
          },
          {
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "db": "PACKETSTORM",
            "id": "91735"
          },
          {
            "db": "PACKETSTORM",
            "id": "91732"
          },
          {
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "db": "BID",
            "id": "41592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "db": "PACKETSTORM",
            "id": "91733"
          },
          {
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "db": "PACKETSTORM",
            "id": "91735"
          },
          {
            "db": "PACKETSTORM",
            "id": "91732"
          },
          {
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-08-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "date": "2010-07-13T00:00:00",
            "db": "BID",
            "id": "41592"
          },
          {
            "date": "2011-06-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "date": "2014-07-09T17:20:53",
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "date": "2010-07-13T05:27:52",
            "db": "PACKETSTORM",
            "id": "91733"
          },
          {
            "date": "2011-03-15T01:37:07",
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "date": "2010-07-13T05:27:58",
            "db": "PACKETSTORM",
            "id": "91735"
          },
          {
            "date": "2010-07-13T05:27:50",
            "db": "PACKETSTORM",
            "id": "91732"
          },
          {
            "date": "2020-10-20T20:17:41",
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "date": "2010-08-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "date": "2010-08-17T20:00:03.407000",
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-1870"
          },
          {
            "date": "2014-09-01T01:23:00",
            "db": "BID",
            "id": "41592"
          },
          {
            "date": "2015-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2010-1870"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "127408"
          },
          {
            "db": "PACKETSTORM",
            "id": "99317"
          },
          {
            "db": "PACKETSTORM",
            "id": "159643"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apache Struts of  XWork Vulnerabilities that bypass object protection mechanisms",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-002831"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-173"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-21683 (GCVE-0-2024-21683)

    Vulnerability from nvd – Published: 2024-05-21 23:00 – Updated: 2025-05-12 15:22
    Summary
    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Confluence Data Center Affected: 8.9.0
    Affected: 8.8.0 to 8.8.1
    Affected: 8.7.1 to 8.7.2
    Affected: 8.6.0 to 8.6.2
    Affected: 8.5.0 to 8.5.8
    Affected: 8.4.0 to 8.4.5
    Affected: 8.3.0 to 8.3.4
    Affected: 8.2.0 to 8.2.3
    Affected: 8.1.0 to 8.1.4
    Affected: 8.0.0 to 8.0.4
    Affected: 7.20.0 to 7.20.3
    Affected: 7.19.0 to 7.19.21
    Unaffected: 8.9.1 to 8.9.2
    Unaffected: 8.5.9 to 8.5.10
    Unaffected: 7.19.22 to 7.19.23
    atlassian confluence_data_center Affected: 8.9.0
    Affected: 8.8.0 , ≤ 8.8.1 (custom)
    Affected: 8.7.1 , ≤ 8.7.2 (custom)
    Affected: 8.6.0 , ≤ 8.6.2 (custom)
    Affected: 8.5.0 , ≤ 8.5.8 (custom)
    Affected: 8.4.0 , ≤ 8.4.5 (custom)
    Affected: 8.3.0 , ≤ 8.3.4 (custom)
    Affected: 8.2.0 , ≤ 8.2.3 (custom)
    Affected: 8.1.0 , ≤ 8.1.4 (custom)
    Affected: 8.0.0 , ≤ 8.0.4 (custom)
    Affected: 7.20.0 , ≤ 7.20.3 (custom)
    Affected: 7.19.0 , ≤ 7.1921 (custom)
    Affected: 8.9.1
    Affected: 8.5.9
    Affected: 7.19.22
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    Credits
    Atlassian

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.9.0"
                  },
                  {
                    "lessThanOrEqual": "8.8.1",
                    "status": "affected",
                    "version": "8.8.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.7.2",
                    "status": "affected",
                    "version": "8.7.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.6.2",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.5.8",
                    "status": "affected",
                    "version": "8.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.4.5",
                    "status": "affected",
                    "version": "8.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.3.4",
                    "status": "affected",
                    "version": "8.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.2.3",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.1.4",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.0.4",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.20.3",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.1921",
                    "status": "affected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "8.9.1"
                  },
                  {
                    "status": "affected",
                    "version": "8.5.9"
                  },
                  {
                    "status": "affected",
                    "version": "7.19.22"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21683",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-20T03:55:34.077361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:22:41.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.9.0"
                },
                {
                  "status": "affected",
                  "version": "8.8.0 to 8.8.1"
                },
                {
                  "status": "affected",
                  "version": "8.7.1 to 8.7.2"
                },
                {
                  "status": "affected",
                  "version": "8.6.0 to 8.6.2"
                },
                {
                  "status": "affected",
                  "version": "8.5.0 to 8.5.8"
                },
                {
                  "status": "affected",
                  "version": "8.4.0 to 8.4.5"
                },
                {
                  "status": "affected",
                  "version": "8.3.0 to 8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.2.0 to 8.2.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.0 to 8.1.4"
                },
                {
                  "status": "affected",
                  "version": "8.0.0 to 8.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.20.0 to 7.20.3"
                },
                {
                  "status": "affected",
                  "version": "7.19.0 to 7.19.21"
                },
                {
                  "status": "unaffected",
                  "version": "8.9.1 to 8.9.2"
                },
                {
                  "status": "unaffected",
                  "version": "8.5.9 to 8.5.10"
                },
                {
                  "status": "unaffected",
                  "version": "7.19.22 to 7.19.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Atlassian"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T20:55:38.532Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
            },
            {
              "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21683",
        "datePublished": "2024-05-21T23:00:00.446Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2025-05-12T15:22:41.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43958 (GCVE-0-2021-43958)

    Vulnerability from nvd – Published: 2022-03-16 00:55 – Updated: 2024-10-04 18:55
    Summary
    Various REST resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as REST resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via an improper restriction of excess authentication attempts vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Restriction of Excessive Authentication Attempts
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    atlassian fisheye Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7387"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8523"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:50:42.664622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:55:11.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:19.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7387"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8523"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43958",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7387",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7387"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8523",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8523"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43958",
        "datePublished": "2022-03-16T00:55:19.574Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:55:11.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43957 (GCVE-0-2021-43957)

    Vulnerability from nvd – Published: 2022-03-16 00:55 – Updated: 2024-10-04 18:50
    Summary
    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Insecure Direct Object References (IDOR)
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    atlassian fisheye Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7388"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8524"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:46:00.111042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:50:25.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Direct Object References (IDOR)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7388"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8524"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Direct Object References (IDOR)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7388",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7388"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8524",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8524"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43957",
        "datePublished": "2022-03-16T00:55:18.206Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:50:25.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43956 (GCVE-0-2021-43956)

    Vulnerability from nvd – Published: 2022-03-16 00:55 – Updated: 2024-10-03 14:32
    Summary
    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross Site Scripting (XSS)
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8531"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:32:32.446269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:32:50.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:16.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8531"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7395",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7395"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8531",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8531"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43956",
        "datePublished": "2022-03-16T00:55:16.739Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:32:50.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43955 (GCVE-0-2021-43955)

    Vulnerability from nvd – Published: 2022-03-16 00:55 – Updated: 2024-10-03 14:32
    Summary
    The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7397"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8533"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:31:59.960541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:32:10.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7397"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7397",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7397"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8533",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43955",
        "datePublished": "2022-03-16T00:55:15.263Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:32:10.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43954 (GCVE-0-2021-43954)

    Vulnerability from nvd – Published: 2022-03-14 01:45 – Updated: 2024-10-04 18:45
    Summary
    The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server Side Request Forgery (SSRF)
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7384"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8520"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:45:34.909968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:45:42.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T01:45:17.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7384"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-07T00:00:00",
              "ID": "CVE-2021-43954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7384",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7384"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8520",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43954",
        "datePublished": "2022-03-14T01:45:18.016Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:45:42.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14192 (GCVE-0-2020-14192)

    Vulnerability from nvd – Published: 2021-02-01 23:45 – Updated: 2024-09-16 16:14
    Summary
    Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7334"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8502"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product\u0027s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-01T23:45:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7334"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8502"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-11T00:00:00",
              "ID": "CVE-2020-14192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product\u0027s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7334",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7334"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8502",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8502"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14192",
        "datePublished": "2021-02-01T23:45:15.351Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:04.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29446 (GCVE-0-2020-29446)

    Vulnerability from nvd – Published: 2021-01-18 01:30 – Updated: 2024-09-17 02:21
    Summary
    Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
    Severity
    No CVSS data available.
    CWE
    • Insecure Direct Object References (IDOR)
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.5 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.5 (custom)
    Date Public
    2020-12-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8496"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Direct Object References (IDOR)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-18T01:30:16.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8496"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-12-10T00:00:00",
              "ID": "CVE-2020-29446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Direct Object References (IDOR)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8496",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8496"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7326",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-29446",
        "datePublished": "2021-01-18T01:30:16.421Z",
        "dateReserved": "2020-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:39.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29447 (GCVE-0-2020-29447)

    Vulnerability from nvd – Published: 2020-12-21 00:25 – Updated: 2024-09-16 23:05
    Summary
    Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service (DoS)
    Impacted products
    Vendor Product Version
    Atlassian Crucible Affected: unspecified , < 4.7.4 (custom)
    Affected: 4.8.0 , < unspecified (custom)
    Affected: unspecified , < 4.8.5 (custom)
    Date Public
    2020-12-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8505"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-21T00:25:20.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8505"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-12-10T00:00:00",
              "ID": "CVE-2020-29447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8505",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8505"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-29447",
        "datePublished": "2020-12-21T00:25:20.470Z",
        "dateReserved": "2020-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:37.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14190 (GCVE-0-2020-14190)

    Vulnerability from nvd – Published: 2020-11-25 22:40 – Updated: 2024-09-16 17:18
    Summary
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Regex Denial of Service (ReDoS)
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7336"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regex Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T22:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7336"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-19T00:00:00",
              "ID": "CVE-2020-14190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regex Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8498",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8498"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7336",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7336"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14190",
        "datePublished": "2020-11-25T22:40:12.690Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:22.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14191 (GCVE-0-2020-14191)

    Vulnerability from nvd – Published: 2020-11-25 21:55 – Updated: 2024-09-17 04:09
    Summary
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service (DoS)
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8501"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T21:55:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8501"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-19T00:00:00",
              "ID": "CVE-2020-14191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8501",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8501"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7332",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14191",
        "datePublished": "2020-11-25T21:55:12.551Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:09:47.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4026 (GCVE-0-2020-4026)

    Vulnerability from nvd – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
    Summary
    The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Authorization
    Impacted products
    Vendor Product Version
    Atlassian Navigator Links Affected: unspecified , < 3.2.23 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.7 (custom)
    Affected: 5.0.0 , < unspecified (custom)
    Affected: unspecified , < 5.0.1 (custom)
    Affected: 5.1.0 , < unspecified (custom)
    Affected: unspecified , < 5.1.1 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.2 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.2 (custom)
    Date Public
    2020-06-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7299"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Navigator Links",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.2.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-02T23:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7299"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-06-01T00:00:00",
              "ID": "CVE-2020-4026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Navigator Links",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.23"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.0.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7299",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7299"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8485",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-4026",
        "datePublished": "2020-06-02T23:40:12.121Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:05.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4023 (GCVE-0-2020-4023)

    Vulnerability from nvd – Published: 2020-06-01 06:35 – Updated: 2024-09-17 03:42
    Summary
    The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting (XSS)
    Impacted products
    Vendor Product Version
    Atlassian Crucible Affected: unspecified , < 4.8.2 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.2 (custom)
    Date Public
    2020-05-29 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7298"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8482"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-01T06:35:34.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7298"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8482"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-05-29T00:00:00",
              "ID": "CVE-2020-4023",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7298",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7298"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8482",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8482"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-4023",
        "datePublished": "2020-06-01T06:35:34.336Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:42:59.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21683 (GCVE-0-2024-21683)

    Vulnerability from cvelistv5 – Published: 2024-05-21 23:00 – Updated: 2025-05-12 15:22
    Summary
    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Impacted products
    Vendor Product Version
    Atlassian Confluence Data Center Affected: 8.9.0
    Affected: 8.8.0 to 8.8.1
    Affected: 8.7.1 to 8.7.2
    Affected: 8.6.0 to 8.6.2
    Affected: 8.5.0 to 8.5.8
    Affected: 8.4.0 to 8.4.5
    Affected: 8.3.0 to 8.3.4
    Affected: 8.2.0 to 8.2.3
    Affected: 8.1.0 to 8.1.4
    Affected: 8.0.0 to 8.0.4
    Affected: 7.20.0 to 7.20.3
    Affected: 7.19.0 to 7.19.21
    Unaffected: 8.9.1 to 8.9.2
    Unaffected: 8.5.9 to 8.5.10
    Unaffected: 7.19.22 to 7.19.23
    atlassian confluence_data_center Affected: 8.9.0
    Affected: 8.8.0 , ≤ 8.8.1 (custom)
    Affected: 8.7.1 , ≤ 8.7.2 (custom)
    Affected: 8.6.0 , ≤ 8.6.2 (custom)
    Affected: 8.5.0 , ≤ 8.5.8 (custom)
    Affected: 8.4.0 , ≤ 8.4.5 (custom)
    Affected: 8.3.0 , ≤ 8.3.4 (custom)
    Affected: 8.2.0 , ≤ 8.2.3 (custom)
    Affected: 8.1.0 , ≤ 8.1.4 (custom)
    Affected: 8.0.0 , ≤ 8.0.4 (custom)
    Affected: 7.20.0 , ≤ 7.20.3 (custom)
    Affected: 7.19.0 , ≤ 7.1921 (custom)
    Affected: 8.9.1
    Affected: 8.5.9
    Affected: 7.19.22
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    Credits
    Atlassian

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.9.0"
                  },
                  {
                    "lessThanOrEqual": "8.8.1",
                    "status": "affected",
                    "version": "8.8.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.7.2",
                    "status": "affected",
                    "version": "8.7.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.6.2",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.5.8",
                    "status": "affected",
                    "version": "8.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.4.5",
                    "status": "affected",
                    "version": "8.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.3.4",
                    "status": "affected",
                    "version": "8.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.2.3",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.1.4",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "8.0.4",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.20.3",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "7.1921",
                    "status": "affected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "8.9.1"
                  },
                  {
                    "status": "affected",
                    "version": "8.5.9"
                  },
                  {
                    "status": "affected",
                    "version": "7.19.22"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21683",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-20T03:55:34.077361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:22:41.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.9.0"
                },
                {
                  "status": "affected",
                  "version": "8.8.0 to 8.8.1"
                },
                {
                  "status": "affected",
                  "version": "8.7.1 to 8.7.2"
                },
                {
                  "status": "affected",
                  "version": "8.6.0 to 8.6.2"
                },
                {
                  "status": "affected",
                  "version": "8.5.0 to 8.5.8"
                },
                {
                  "status": "affected",
                  "version": "8.4.0 to 8.4.5"
                },
                {
                  "status": "affected",
                  "version": "8.3.0 to 8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.2.0 to 8.2.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.0 to 8.1.4"
                },
                {
                  "status": "affected",
                  "version": "8.0.0 to 8.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.20.0 to 7.20.3"
                },
                {
                  "status": "affected",
                  "version": "7.19.0 to 7.19.21"
                },
                {
                  "status": "unaffected",
                  "version": "8.9.1 to 8.9.2"
                },
                {
                  "status": "unaffected",
                  "version": "8.5.9 to 8.5.10"
                },
                {
                  "status": "unaffected",
                  "version": "7.19.22 to 7.19.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Atlassian"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-14T20:55:38.532Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
            },
            {
              "url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21683",
        "datePublished": "2024-05-21T23:00:00.446Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2025-05-12T15:22:41.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    VLAI
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43958 (GCVE-0-2021-43958)

    Vulnerability from cvelistv5 – Published: 2022-03-16 00:55 – Updated: 2024-10-04 18:55
    Summary
    Various REST resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials, as the REST resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication, via an improper restriction of excess authentication attempts vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Restriction of Excessive Authentication Attempts
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    atlassian fisheye Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7387"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8523"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43958",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:50:42.664622Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:55:11.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:19.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7387"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8523"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43958",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7387",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7387"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8523",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8523"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43958",
        "datePublished": "2022-03-16T00:55:19.574Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:55:11.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43957 (GCVE-0-2021-43957)

    Vulnerability from cvelistv5 – Published: 2022-03-16 00:55 – Updated: 2024-10-04 18:50
    VLAI
    Summary
    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Insecure Direct Object References (IDOR)
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    atlassian fisheye Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.9 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7388"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8524"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:46:00.111042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:50:25.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Direct Object References (IDOR)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7388"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8524"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Direct Object References (IDOR)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7388",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7388"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8524",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8524"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43957",
        "datePublished": "2022-03-16T00:55:18.206Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:50:25.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43956 (GCVE-0-2021-43956)

    Vulnerability from cvelistv5 – Published: 2022-03-16 00:55 – Updated: 2024-10-03 14:32
    VLAI
    Summary
    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8531"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:32:32.446269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:32:50.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:16.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8531"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7395",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7395"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8531",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8531"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43956",
        "datePublished": "2022-03-16T00:55:16.739Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:32:50.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43955 (GCVE-0-2021-43955)

    Vulnerability from cvelistv5 – Published: 2022-03-16 00:55 – Updated: 2024-10-03 14:32
    VLAI
    Summary
    The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7397"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8533"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:31:59.960541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:32:10.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-16T00:55:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7397"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-14T00:00:00",
              "ID": "CVE-2021-43955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7397",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7397"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8533",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43955",
        "datePublished": "2022-03-16T00:55:15.263Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:32:10.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43954 (GCVE-0-2021-43954)

    Vulnerability from cvelistv5 – Published: 2022-03-14 01:45 – Updated: 2024-10-04 18:45
    VLAI
    Summary
    The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.9 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.9 (custom)
    Date Public
    2022-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7384"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8520"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T18:45:34.909968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T18:45:42.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T01:45:17.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7384"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8520"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-07T00:00:00",
              "ID": "CVE-2021-43954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7384",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7384"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8520",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8520"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43954",
        "datePublished": "2022-03-14T01:45:18.016Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-04T18:45:42.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14192 (GCVE-0-2020-14192)

    Vulnerability from cvelistv5 – Published: 2021-02-01 23:45 – Updated: 2024-09-16 16:14
    VLAI
    Summary
    Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7334"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8502"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product\u0027s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-01T23:45:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7334"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8502"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-11T00:00:00",
              "ID": "CVE-2020-14192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product\u0027s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7334",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7334"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8502",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8502"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14192",
        "datePublished": "2021-02-01T23:45:15.351Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:04.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29446 (GCVE-0-2020-29446)

    Vulnerability from cvelistv5 – Published: 2021-01-18 01:30 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
    Severity
    No CVSS data available.
    CWE
    • Insecure Direct Object References (IDOR)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.5 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.5 (custom)
    Date Public
    2020-12-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8496"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Direct Object References (IDOR)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-18T01:30:16.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8496"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-12-10T00:00:00",
              "ID": "CVE-2020-29446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye \u0026 Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Direct Object References (IDOR)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8496",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8496"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7326",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-29446",
        "datePublished": "2021-01-18T01:30:16.421Z",
        "dateReserved": "2020-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:39.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29447 (GCVE-0-2020-29447)

    Vulnerability from cvelistv5 – Published: 2020-12-21 00:25 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service (DoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Crucible Affected: unspecified , < 4.7.4 (custom)
    Affected: 4.8.0 , < unspecified (custom)
    Affected: unspecified , < 4.8.5 (custom)
    Date Public
    2020-12-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8505"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-21T00:25:20.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8505"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-12-10T00:00:00",
              "ID": "CVE-2020-29447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8505",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8505"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-29447",
        "datePublished": "2020-12-21T00:25:20.470Z",
        "dateReserved": "2020-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:37.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14190 (GCVE-0-2020-14190)

    Vulnerability from cvelistv5 – Published: 2020-11-25 22:40 – Updated: 2024-09-16 17:18
    Summary
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Regex Denial of Service (ReDoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7336"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regex Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T22:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7336"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-19T00:00:00",
              "ID": "CVE-2020-14190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regex Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8498",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8498"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7336",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7336"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14190",
        "datePublished": "2020-11-25T22:40:12.690Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:22.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14191 (GCVE-0-2020-14191)

    Vulnerability from cvelistv5 – Published: 2020-11-25 21:55 – Updated: 2024-09-17 04:09
    Summary
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service (DoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Fisheye Affected: unspecified , < 4.8.4 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.4 (custom)
    Date Public
    2020-11-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8501"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-25T21:55:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8501"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-11-19T00:00:00",
              "ID": "CVE-2020-14191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application\u0027s availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service (DoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8501",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8501"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7332",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14191",
        "datePublished": "2020-11-25T21:55:12.551Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:09:47.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4026 (GCVE-0-2020-4026)

    Vulnerability from cvelistv5 – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
    Summary
    The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Navigator Links Affected: unspecified , < 3.2.23 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.7 (custom)
    Affected: 5.0.0 , < unspecified (custom)
    Affected: unspecified , < 5.0.1 (custom)
    Affected: 5.1.0 , < unspecified (custom)
    Affected: unspecified , < 5.1.1 (custom)
    Atlassian Crucible Affected: unspecified , < 4.8.2 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.2 (custom)
    Date Public
    2020-06-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7299"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Navigator Links",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.2.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-02T23:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7299"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-06-01T00:00:00",
              "ID": "CVE-2020-4026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Navigator Links",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.23"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.0.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7299",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7299"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8485",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-4026",
        "datePublished": "2020-06-02T23:40:12.121Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:05.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }