Lucene search

966 matches found

Atlassian
added 2014/03/11 5:51 a.m. (20 views)

Automatic access added to newly added Bitbucket account without notification

Steps to replicate: Add a new Bitbucket account to your JIRA OnDemand instance via the DVCS connector. Click on the cog to the right of your new account and view 'configure automatic access'. Result: Automatic access will be set up and membership to the 'developers' group will be granted. Expected...

AI score: 2.5 | Exploits: 0 | Affected software: 1
Atlassian
added 2013/08/30 6:26 p.m. (20 views)

/rest/menu/1.0/appswitcher displays data unauthenticated

"Calling" this function returns data without any authentication required:

    curl https://support.atlassian.com/rest/menu/latest/appswitcher | python -mjson.tool

(curl progress-meter output omitted; the report text is truncated in this listing) ...

AI score: 7.3 | Exploits: 0
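The report above is the classic anonymous-probe check: fetch an endpoint with no credentials and see whether it answers with data instead of a 401/403 or a login redirect. The script below is an added example, not code from the report or from Atlassian; it scripts that check so it can be run across a list of endpoints. The `fetch` parameter is an injection point so the logic can be exercised offline against constructed responses (the `example.invalid` hosts and bodies below are made up); `urllib_fetch` is what you would pass for a live host.

```python
"""Classify whether a REST endpoint serves data to an unauthenticated client.

Added example modelling the curl check in the appswitcher report: an
anonymous GET that should be refused but instead returns 200 with a JSON body.
"""
import json
import urllib.error
import urllib.request


def urllib_fetch(url, headers=None):
    """GET `url` without credentials; return (status, content_type, body)."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as e:
        # urllib raises on 4xx/5xx; the status is still the answer we want.
        return e.code, e.headers.get("Content-Type", ""), e.read()


def classify_anonymous_response(status, content_type, body):
    """Decide what an anonymous response tells us.

    "exposed"  - 200 with a non-empty JSON body (the appswitcher behaviour)
    "refused"  - 401/403, the expected answer for a non-public endpoint
    "redirect" - 3xx, usually a bounce to a login page; not a leak by itself
    "other"    - anything else; look at it by hand
    """
    if status in (401, 403):
        return "refused"
    if 300 <= status < 400:
        return "redirect"
    if status == 200:
        try:
            parsed = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return "other"
        return "exposed" if parsed not in (None, {}, []) else "other"
    return "other"


def check_endpoint(url, fetch=urllib_fetch):
    """Probe `url` anonymously and return the verdict alongside the status."""
    status, ctype, body = fetch(url, headers={"Accept": "application/json"})
    return {"url": url, "status": status,
            "verdict": classify_anonymous_response(status, ctype, body)}


# Constructed sample responses standing in for a live server (hypothetical host).
SAMPLE_RESPONSES = {
    "https://example.invalid/rest/menu/latest/appswitcher": (
        200, "application/json",
        b'{"links": [{"name": "JIRA", "link": "https://example.invalid/jira"}]}'),
    "https://example.invalid/rest/api/2/myself": (
        401, "application/json", b'{"errorMessages": ["Unauthorized"]}'),
    "https://example.invalid/secure/Dashboard.jspa": (
        302, "text/html", b""),
}


def fake_fetch(url, headers=None):
    """Offline stand-in for urllib_fetch, serving the constructed responses."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    for probe_url in SAMPLE_RESPONSES:
        print(check_endpoint(probe_url, fetch=fake_fetch))
```

Run it with the default `fetch` against a host you are authorised to test; a 200 with a JSON body on an endpoint you expected to be protected is the finding, while a 302 to a login page needs a follow-up request before calling it either way.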
Atlassian
added 2013/03/19 12:45 a.m. (22 views)

XSS in organisationId in /secure/admin/UpdateBitbucketCredentials.jspa

OrganisationId is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link.

    GET...

AI score: 6.9 | Exploits: 0 | Affected software: 1
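The bug class above is reflected XSS: a request parameter is written into the response page without output encoding. The snippet below is an added example, not Atlassian's code and not the request from the report; it models the flaw in miniature with a template that echoes `organisationId`, side by side with the escaped version, plus a small check that the submitted value did not survive as markup. The host, the template text and the `<script>` probe payload are constructed for the example; only the path comes from the report.

```python
"""Reflected XSS through an unescaped request parameter, and the fix.

Added example: `render_unsafe` interpolates the raw organisationId (the
reported behaviour); `render_safe` HTML-escapes it first.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical results-page template; the real page's markup is not in the report.
TEMPLATE = (
    "<html><body>"
    "<p>Could not update credentials for organisation: {value}</p>"
    "</body></html>"
)


def render_unsafe(organisation_id):
    """Vulnerable: the parameter lands in the page unfiltered."""
    return TEMPLATE.format(value=organisation_id)


def render_safe(organisation_id):
    """Fixed: encode &, <, >, \" and ' before the value reaches HTML text."""
    return TEMPLATE.format(value=html.escape(organisation_id, quote=True))


def organisation_id_from_url(url):
    """Extract organisationId from a link of the kind a victim would be sent."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("organisationId", [""])[0]


class _TagCollector(HTMLParser):
    """Record every start tag the browser's parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page, expected_tags=("html", "body", "p")):
    """Return tags in the rendered page that the template itself does not contain."""
    collector = _TagCollector()
    collector.feed(page)
    return [t for t in collector.tags if t not in expected_tags]


# Constructed probe payload and attack link (hypothetical host, real path from the report).
PAYLOAD = "<script>alert(document.cookie)</script>"
ATTACK_URL = (
    "https://jira.example.invalid/secure/admin/UpdateBitbucketCredentials.jspa?"
    + urlencode({"organisationId": PAYLOAD})
)

if __name__ == "__main__":
    oid = organisation_id_from_url(ATTACK_URL)
    print("unsafe:", injected_tags(render_unsafe(oid)))
    print("safe:  ", injected_tags(render_safe(oid)))
```

The check is deliberately parser-based rather than a substring match: it asks whether the value became a tag, which is the question that matters, and it works the same way for payloads that avoid the literal `<script>` string.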