Pushing code as an unlicensed user is possible if the user was once licensed and an SSH key is added to the user's profile
Issue Summary: If once-licensed users have an SSH key added to their profile, it is still possible for them to push code after the license has been removed. However, it is not possible to pull code. Environment: Every environment. Steps to Reproduce: Create a new user. Add any...
Make use of Secure Introspector in Velocity Templates - CVE-2019-20409
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote...
SSRF via REST API /plugins/servlet/gadgets/makeRequest
Confluence installations have a permissive whitelist that allows fetching any URL using Confluence as a proxy. Use a GET request: GET /plugins/servlet/gadgets/makeRequest?url= Example: to get the Yandex start page or any resource you want. GET...
Upgrade Apache Commons-text for CVE-2022-42889
BUG RE-OPENED: Jira Service Management 5.4.3, which was supposed to be fixed at 9.4.3 / 5.4.3, is still generating files with the commons-text library version 1.6 in the /plugins/.osgi-plugins folder. Even after deleting these files, they are regenerated on the next restart. Due to...
disable XSRF check property has no effect on REST API
When disabling XSRF through the property jira.xsrf.enabled=false in jira-config.properties according to the page https://developer.atlassian.com/display/JIRADEV/Form+Token+Handling, it doesn't stop the XSRF checking when using the JIRA REST API. However, the property took effect when you try som...
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
Summary: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. Affected versions: version 8.5.8 8.6....
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description: Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638 (https://cwiki.apache.org/confluence/display/WW/S2-045). Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description: Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638 (https://cwiki.apache.org/confluence/display/WW/S2-045). Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. Affected versions: All versions o...
Unable to secure remote agents via automatic keystore management
Issue Summary: It is not possible to secure remote agents connecting to the Bamboo Server using SSL through the automatic keystore management feature. Steps to Reproduce: Configure Bamboo to use SSL in Broker URL and Broker Client URL. Securing your remote...
Jira uses vulnerable jQuery version CVE-2015-9251
Issue Summary: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jira uses jQuery 2.2.4 as of Jira 8.8.0. https://nvd.nist.gov/vuln/detail/CVE-2015-92...
XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. Workaround: Disable the gadget. Navigate to Administration > Add-ons > Manage add-ons and se...
Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured
The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection), introduced in Bamboo 5.3, causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...
Upgrade to Tomcat 8.5.32 necessary
There are new vulnerabilities reported by Apache: http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E It is...
Open redirect in the XsrfErrorAction resource - CVE-2018-13401
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0...
Open redirect in many resources - CVE-2018-13402
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before versio...
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...
Path traversal Vulnerability in the review attachment resource - CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within the context path of the running application through a path traversal vulnerability in the command...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
Any user able to manage space watchers using the REST API
Summary: Any Confluence user is able to manage Space Watchers by using the REST API. Steps to Reproduce: Create a user that belongs to the "confluence-users" group (example: user1). Using an Administrator user, create a new space and restrict the space to the administrator user. As the normal user...
Issue reporter and assignee user email addresses were disclosed regardless of the email visibility setting - CVE-2018-13391
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Atlassian JIRA before version 7.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
Several administrative resources missing WebSudo (improper access control vulnerability) - CVE-2018-13400
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version...
Missing authentication checks in various administrative system import resources - CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
XSS through header injection in the /browse/~raw resource - CVE-2018-5228
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
Issue Summary: Jira is currently using underscore.js 1.9.1. However, it is affected by CVE-2021-23358 (https://vulners.com/cve/CVE-2021-23358). The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the...
XSS in the searchrequest-xml resource through various fields - CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields...
jQuery 2.2.4 is vulnerable to prototype pollution
Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to security bug CVE-2019-11358 (https://nvd.nist.gov/vuln/detail/CVE-2019-11358), which is only fixed in jQuery 3.4.0...
Our documentation for running Confluence behind an HTTP proxy that terminates HTTPS is probably incorrect
Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says: "Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName." This differs from all of our other...
CVE-2019-11581 - Template injection in various resources
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...
The acceptAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to make a user accept an answer via a Cross-site request forgery (CSRF) vulnerability...
Remote Code Execution via in Browser Editing - CVE-2018-5225
An authenticated user of Bitbucket Server could gain remote code execution using the in-browser editing feature via editing a symbolic link within a repository. Affected versions: All versions of Bitbucket Server before 5.4.8 (the fixed version for 4.13.0 through to 5.4.7), 5.5.0 before 5.5.8 the...
XSS in various types of nested wiki markup - CVE-2017-18102
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup...
XSS in EditIssue.jspa through the issuetype parameter - CVE-2018-5232
The EditIssue.jspa resource in Atlassian Jira Server before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter...
XSS in various resources when moving issues through the Epic Colour field of an issue - CVE-2018-13395
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML ...
XSS in labels widget
If a user can control the content returned by /rest/dashboards/1.0//gadget/10100/prefs, they can update the searchUrl field to execute a stored XSS. Here are the steps to reproduce: Upload an attachment to a ticket with the following content:...
Honeypot strategy is no longer effectively preventing spam account signup
Fix: From 3.9.5 onwards we have turned off the honeypot in favour of using CAPTCHA; anyone affected by this issue just needs to switch the CAPTCHA on...
User emails visible in page source
A customer reported that user emails are being included in the page source on issue pages. Even with email visibility set to "Hidden", the reporter and assignee emails are included in the page source. The email is in an attribute called data-user as part of a span tag. Example from this page:...
XSS Vulnerability in Code Block Macro
Summary: There appears to be an XSS vulnerability when using the PowerShell syntax from within the Confluence Code Block Macro. Environment: Confluence 6.6.6. Steps to Reproduce: Create a test page, add the Code Block macro, select language=powershell, enter...
XSS in the Trello board importer resource - CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trell...
Upgrade Tomcat to the version 8.5.32
Problem: The current version of Tomcat, 8.5.6, bundled with JIRA pre 7.12.1 is vulnerable to https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9...
RCE (Remote Code Execution) in Confluence Data Center and Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of , allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high...
The bundled version of atlassian-rest had a weakness in its Cross-site request forgery protection
The bundled version of atlassian-rest in Atlassian Crowd before version 2.8.4 and from version 2.9.0 before version 2.9.1 was vulnerable to a Cross-site request forgery (CSRF) vulnerability in certain browsers, for example Chrome, due to an assumption that non-simple content-types could not be sent...
XSS in IncomingMailServer resource - CVE-2018-13387
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML ...
XSS in User Macros, Macro Title and Icon URL
Summary: A System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in the Macro Editor. The script input in the fields can be executed when a user opens the "Macro" selection window. How to reproduce: Go to "Edit User Macro" as Confluence Administrator. Screenshot: Screen Shot 2018-06-14 at...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting (XSS) vulnerability. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Opening an embedded SVG file in a comment on the customer portal makes JIRA run the added JavaScript code
Summary: Opening an embedded SVG file in a comment on the customer portal makes JIRA run the added JavaScript code. Steps to Reproduce: Log in to the customer portal and create a new request. Attach a new SVG file which contains JavaScript code (filename: smiley-test.svg). Screenshot: screenshot-1.png. After the...