Every CVE whose affected-product data names Atlassian Fisheye, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (52)
CVE-2021-43958 — CVSS 9.8 (critical): Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest…
CVE-2017-16861 — CVSS 9.8 (critical): It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2017-14591 — CVSS 9.0 (critical): Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2020-4018 — CVSS 8.8 (high): The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a…
CVE-2018-13399 — CVSS 7.8 (high): The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges…
CVE-2017-9511 — CVSS 7.5 (high): The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary…
CVE-2017-9512 — CVSS 7.5 (high): The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access…
CVE-2020-14191 — CVSS 7.5 (high): Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service…
CVE-2020-14190 — CVSS 7.5 (high): Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL…
CVE-2021-43957 — CVSS 7.5 (high): Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References…
CVE-2018-5223 — CVSS 7.2 (high): Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system…
CVE-2017-18112 — CVSS 6.5 (medium): Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure…
CVE-2017-16859 — CVSS 6.5 (medium): The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version…
CVE-2018-13398 — CVSS 6.5 (medium): The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify…
CVE-2021-43956 — CVSS 6.1 (medium): The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or…
CVE-2017-18090 — CVSS 6.1 (medium): Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers…
CVE-2018-13392 — CVSS 6.1 (medium): Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via…
CVE-2017-14588 — CVSS 6.1 (medium): Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via…
CVE-2018-5228 — CVSS 6.1 (medium): The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or…
CVE-2019-15008 — CVSS 6.1 (medium): The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject…
CVE-2017-9509 — CVSS 5.4 (medium): The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript…
CVE-2020-4023 — CVSS 5.4 (medium): The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or…
CVE-2018-20241 — CVSS 5.4 (medium): The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary…
CVE-2017-9508 — CVSS 5.4 (medium): Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via…
CVE-2018-13388 — CVSS 5.4 (medium): The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or…
CVE-2017-9510 — CVSS 5.4 (medium): The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2017-9507 — CVSS 5.4 (medium): The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary…
CVE-2017-14587 — CVSS 5.4 (medium): The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject…
CVE-2020-4013 — CVSS 5.4 (medium): The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript…
CVE-2017-18034 — CVSS 5.4 (medium): The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write…
CVE-2020-29446 — CVSS 5.3 (medium): Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References…
CVE-2020-4017 — CVSS 5.3 (medium): The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1…
CVE-2020-4016 — CVSS 5.3 (medium): The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows…
CVE-2017-18094 — CVSS 4.8 (medium): Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers…
CVE-2017-18091 — CVSS 4.8 (medium): The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0…
CVE-2017-18093 — CVSS 4.8 (medium): Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote…
CVE-2018-20240 — CVSS 4.8 (medium): The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary…
CVE-2019-15007 — CVSS 4.8 (medium): The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript…
CVE-2020-4015 — CVSS 4.3 (medium): The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user…
CVE-2021-43954 — CVSS 4.3 (medium): The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository…
CVE-2021-43955 — CVSS 4.3 (medium): The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain…
CVE-2020-4014 — CVSS 4.3 (medium): The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another…
CVE-2020-14192 — CVSS 4.3 (medium): Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure…
CVE-2019-15009 — CVSS 4.3 (medium): The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…
CVE-2011-4822 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to…
CVE-2017-18035 — CVSS 4.3 (medium): The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0…