Matt Hart

#7262of 53,632
37.6Total CVSS
Vulnerabilities · 4
High
1
Critical
3
PT-2018-16816
9.9
2018-03-22
Atlassian · Bitbucket Server · CVE-2018-5225
**Name of the Vulnerable Software and Affected Versions** Atlassian Bitbucket Server versions 4.13.0 through 5.4.7 Atlassian Bitbucket Server versions 5.5.0 through 5.5.7 Atlassian Bitbucket Server versions 5.6.0 through 5.6.4 Atlassian Bitbucket Server versions 5.7.0 through 5.7.2 Atlassian Bitbucket Server versions 5.8.0 through 5.8.1 **Description** The issue allows authenticated users to gain remote code execution using the in-browser editing feature via editing a symbolic link within a repository. **Recommendations** For versions 4.13.0 through 5.4.7, update to version 5.4.8 or later. For versions 5.5.0 through 5.5.7, update to version 5.5.8 or later. For versions 5.6.0 through 5.6.4, update to version 5.6.5 or later. For versions 5.7.0 through 5.7.2, update to version 5.7.3 or later. For versions 5.8.0 through 5.8.1, update to version 5.8.2 or later.
PT-2017-18107
8.8
2017-05-05
Atlassian · Ichat Server · CVE-2017-8080
**Name of the Vulnerable Software and Affected Versions** Atlassian Hipchat Server versions prior to 2.2.4 **Description** The issue allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue.
PT-2017-17680
9.1
2017-04-14
Atlassian · Ichat Server · CVE-2017-7357
**Name of the Vulnerable Software and Affected Versions** Hipchat Server versions prior to 2.2.3 **Description** The issue allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.
PT-2017-16807
9.8
2017-04-10
Atlassian · Jira · CVE-2017-5983
**Name of the Vulnerable Software and Affected Versions** Atlassian JIRA Server versions prior to 6.3.0 **Description** The issue is related to the improper use of an XML parser and deserializer in the JIRA Workflow Designer Plugin. This allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. **Recommendations** For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the JIRA Workflow Designer Plugin until a patch is applied.