Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Activity Streams by Atlassian

    CVE-2017-9513 (GCVE-0-2017-9513)

    Vulnerability from cvelistv5 – Published: 2018-01-29 19:00 – Updated: 2024-09-17 02:53
    VLAI
    Summary
    Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control (CWE-284)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Activity Streams Affected: All versions prior to version 6.3.0
    Create a notification for this product.
    Date Public
    2017-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:01.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
              },
              {
                "name": "102869",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102869"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Activity Streams",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 6.3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control (CWE-284)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-01T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
            },
            {
              "name": "102869",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102869"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2017-09-07T00:00:00",
              "ID": "CVE-2017-9513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Activity Streams",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 6.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control (CWE-284)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ecosystem.atlassian.net/browse/STRM-2350",
                  "refsource": "CONFIRM",
                  "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
                },
                {
                  "name": "102869",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102869"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-9513",
        "datePublished": "2018-01-29T19:00:00.000Z",
        "dateReserved": "2017-06-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:33.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9513 (GCVE-0-2017-9513)

    Vulnerability from nvd – Published: 2018-01-29 19:00 – Updated: 2024-09-17 02:53
    VLAI
    Summary
    Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control (CWE-284)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Activity Streams Affected: All versions prior to version 6.3.0
    Create a notification for this product.
    Date Public
    2017-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:01.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
              },
              {
                "name": "102869",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102869"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Activity Streams",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 6.3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control (CWE-284)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-01T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
            },
            {
              "name": "102869",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102869"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2017-09-07T00:00:00",
              "ID": "CVE-2017-9513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Activity Streams",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 6.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control (CWE-284)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ecosystem.atlassian.net/browse/STRM-2350",
                  "refsource": "CONFIRM",
                  "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
                },
                {
                  "name": "102869",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102869"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-9513",
        "datePublished": "2018-01-29T19:00:00.000Z",
        "dateReserved": "2017-06-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:33.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }