COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Atlassian vendor

13
failure events
1
zero-days
8
RCEs
13
on KEV
8
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 13 events

DateEventSevFlagsShameSummary
2024-01-24 CVE-2023-22527 critical ⚡RCE ⌖KEV 95 Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
2022-06-02 CVE-2022-26134 critical ⚡RCE ◐0day ⌖KEV 95 Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
2021-11-03 CVE-2019-3396 critical ⚡RCE ⌖KEV 95 Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.
2021-11-03 CVE-2021-26084 critical ⚡RCE ⌖KEV 95 Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
2021-11-03 CVE-2019-11580 critical ⚡RCE ⌖KEV 95 Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
2023-11-07 CVE-2023-22518 critical ⌖KEV 80 Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.
2023-10-05 CVE-2023-22515 critical ⌖KEV 80 Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.
2022-03-28 CVE-2021-26085 critical ⌖KEV 80 Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
2022-09-30 CVE-2022-36804 high ⚡RCE ⌖KEV 65 Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.
2022-03-07 CVE-2019-11581 high ⚡RCE ⌖KEV 65 Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
2021-11-03 CVE-2019-3398 high ⚡RCE ⌖KEV 65 Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.
2024-11-12 CVE-2021-26086 high ⌖KEV 50 Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.
2022-07-29 CVE-2022-26138 high ⌖KEV 50 Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.