EUVD-2019-10949
Malware in sbrugna...
Atlassian Jira 8.6.x < 8.13.4 Cookie Without Secure Flag
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x < 8.13.4 or 8.14.x < 8.15.0. It is, therefore, affected by a missing cookie secure flag vulnerability in the jira.editor.user.mode cookie when Jira is configured with...
PT-2019-10264 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Jira versions prior to 7.12.3 Description: The issue is related to a missing authorization check in the inline-create rest resource, allowing authenticated remote attackers to set the reporter in issues. Recommendations: For versions prior to...
JIRA and HipChat for JIRA Plugin - Velocity Template Injection
JIRA and HipChat for JIRA plugin Velocity Template Injection Vulnerability. Date: 2015-08-26. CVE ID: CVE-2015-5603. Vendor Link:...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...