128 matches found
Authentication fails on Push to Stash
When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...
Authentication fails on Push to Stash
When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...
XSS when adding Stash Linked Repositories
Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...
XSS when adding Stash Linked Repositories
Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...
IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be...
Stash 1.0.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Stash v1.0.3 Admin bypass / Remote File Disclosure AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...
Cannot create page/s using "Create Page" Button
We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...
Stash uses plain text passwords in the database for the Crowd User Directory
I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...
Stash uses plain text passwords in the database for the Crowd User Directory
I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...
User avatar upload endpoint is vulnerable to XSRF
Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...
User avatar upload endpoint is vulnerable to XSRF
Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...
Privilege escalation
We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...
Privilege escalation
We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...
Upgrade bundled Tomcat due to security vulnerabilities
There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: CVE-2013-2067|http://mail-archives.apache.org/modmbox/www-announce/201305.mbox/%[email protected]%3E...
Upgrade bundled Tomcat due to security vulnerabilities
There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: CVE-2013-2067|http://mail-archives.apache.org/modmbox/www-announce/201305.mbox/%[email protected]%3E...
Persistent Cross Site Scripting Vulnerability
We have identified and fixed a persistent cross-site scripting XSS vulnerabilities that affects Stash instances, including publicly available instances that is, Internet-facing servers. XSS vulnerabilities allow an attacker to embed their own JavaScript into a Stash page. More information is...
Persistent Cross Site Scripting Vulnerability
We have identified and fixed a persistent cross-site scripting XSS vulnerabilities that affects Stash instances, including publicly available instances that is, Internet-facing servers. XSS vulnerabilities allow an attacker to embed their own JavaScript into a Stash page. More information is...
Stash 1.0.3 Cross Site Scripting
Author: Author: Mr.SeCreT E-mail: [email protected] From: Syria http://english.islamweb.net/ Script Information: Script: Stash 1.0.3 Remote XSS Vulnerability Language: PHP Download: http://garr.dl.sourceforge.net/project/nice-stash/Stash%20CMS/1.0.3/stash-1.0.3.zip Vul Code: footer.inc.php: "My In...