Atlassian Jira Server and Data Center Path Traversal Vulnerability
Critical
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.

Atlassian CVE coverage for Jira, Confluence, Bitbucket, and collaboration platforms commonly exposed in business environments.
Vendor watch hub
The Atlassian watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Most recent entry: Nov 11, 2024, 6:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources: CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 14 most recent items, newest first. Each row links to the official advisory.
14 rows · sorted newest first
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
| Atlassian Jira Server and Data Center Path Traversal Vulnerability. Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint. (Jira Server and Data Center) | critical · CVE-2021-26086 · Critical | active | Nov 11, 2024, 6:00 PM | CISA KEV · Open source |
| Atlassian Confluence Data Center and Server Template Injection Vulnerability. Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. Known ransomware use: Known. (Confluence Data Center and Server) | critical · CVE-2023-22527 · Critical | active | Jan 23, 2024, 6:00 PM | CISA KEV · Open source |
| Atlassian Confluence Data Center and Server Improper Authorization Vulnerability. Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data. Known ransomware use: Known. (Confluence Data Center and Server) | critical · CVE-2023-22518 · Critical | active | Nov 6, 2023, 6:00 PM | CISA KEV · Open source |
| Atlassian Confluence Data Center and Server Broken Access Control Vulnerability. Atlassian Confluence Data Center and Server contain a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. Known ransomware use: Known. (Confluence Data Center and Server) | critical · CVE-2023-22515 · Critical | active | Oct 4, 2023, 7:00 PM | CISA KEV · Open source |
| Atlassian Bitbucket Server and Data Center Command Injection Vulnerability. Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request. (Bitbucket Server and Data Center) | critical · CVE-2022-36804 · Critical | active | Sep 29, 2022, 7:00 PM | CISA KEV · Open source |
| Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability. Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group. (Confluence) | critical · CVE-2022-26138 · Critical | active | Jul 28, 2022, 7:00 PM | CISA KEV · Open source |
| Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability. Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows an unauthenticated attacker to execute code remotely. Known ransomware use: Known. (Confluence Server/Data Center) | critical · CVE-2022-26134 · Critical | active | Jun 1, 2022, 7:00 PM | CISA KEV · Open source |
| Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability. Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. Known ransomware use: Known. (Confluence Server) | critical · CVE-2021-26085 · Critical | active | Mar 27, 2022, 7:00 PM | CISA KEV · Open source |
| Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability. Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. (Jira Server and Data Center) | critical · CVE-2019-11581 · Critical | active | Mar 6, 2022, 6:00 PM | CISA KEV · Open source |
| Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability. Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. Known ransomware use: Known. (Crowd and Crowd Data Center) | critical · CVE-2019-11580 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV · Open source |
| Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability. Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. Known ransomware use: Known. (Confluence Server and Data Center) | critical · CVE-2021-26084 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV · Open source |
| Atlassian Confluence Server and Data Center Path Traversal Vulnerability. Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution. (Confluence Server and Data Center) | critical · CVE-2019-3398 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV · Open source |
| Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. Known ransomware use: Known. (Confluence Server and Data Center) | critical · CVE-2019-3396 · Critical | active | Nov 2, 2021, 7:00 PM | CISA KEV · Open source |
| bamboo vulnerability (CVE-2012-2926). Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. (bamboo) | CRITICAL · CVE-2012-2926 · Elevated | watch | May 22, 2012, 10:55 AM | NVD · Open source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Atlassian-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Atlassian issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Atlassian advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.