4295 matches found
Update Apache Struts 2 to avoid CVE-2020-17530
Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...
Security improvements to the Velocity Uberspector
This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution RCE and Injection attacks. The versions which do not have this improvement are before version 8.12.3...
XSS in branch name
h3. Issue Summary Advisory: Stored Cross-site scripting Description =========== Short summary of the vulnerability. A stored cross-site scripting XSS vulnerability was discovered in the Commits section of the Bitbucket application. An attacker can create a branch and inject an XSS payload into th...
Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability...
The team calendar event notification should not contain Confluence version number
h3. Issue Summary The team calendar notification template shows the Confluence version number in the footer, which might be a security vulnerability for some customers. h3. Steps to Reproduce Create an event on the Confluence team calendar and wait for the reminder email to be sent. h3. Expected...
The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery CSRF...
The ViewSystemInfo class doGarbageCollection method was vulnerable to CSRF - CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery CSRF vulnerability...
XSS in /includes/decorators/global-translations.jsp
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61888. panel Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to...
Rest API XSS
An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14. The vulnerability is located at /rest/prototype/1/session/check/something POC URL: http:///confpath/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E This was confirmed in t...
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Bitbucket Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2022-26133
Update: 2022/04/08 23:00 UTC Coordinated Universal Time, +0 hours Assigned CVE-2022-26133 to this vulnerability, which was determined to be similar to CVE-2016-10750 yet slightly different and specific to Bitbucket Note the new CVE assignment does not change any other information in this advisory...
Unicode characters allow malicious code to be hidden from a human reviewer (Confluence Server) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Confluence Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by th...
Jira is affected by Tomcat CVE-2020-13943
Affected versions of Atlassian Jira Server and Data Center used versions of Apache Tomcat that were vulnerable to CVE-2020-13943|https://vulners.com/cve/CVE-2020-13943. The affected versions of Jira Server and Data Center are before version 8.5.14, from version 8.6.0 before 8.13.6, and from versi...
Project enumeration via Jira Projects plugin report page - CVE-2020-29451
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version...
XSS in Issue - Attachments - CVE-2020-4025
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability issue attachments with a rdf content type. Affected versions: version 8.5.5 8.6.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed...
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...
User enumeration in the login.jsp resource - CVE-2019-8448
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability...
XSS in the two-dimensional filter statistics gadget on a Jira dashboard - CVE-2018-13403
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of ...
The bundled Atlassian Application Links plugin had various XSS issues - CVE-2018-5227
Application Links needs to be updated see https://ecosystem.atlassian.net/browse/APL-1356. The affected versions of Application Links is/are before version 5.4.4...
XSS through a project or filter name in the PieChart gadget - CVE-2017-16863
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a project or filter...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...
RCE (Remote Code Execution) in - CVE-2022-1471
h2. Summary of Vulnerability Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE Remote Code Execution. i Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed...
Upgrade Postgres for CVE-2022-41946
h3. Issue Summary The version of Postgresql bundled in Bitbucket is affected by CVE-2022-41946|https://nvd.nist.gov/vuln/detail/CVE-2022-41946 as described below: quote pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
Affected versions of Atlassian Jira Server and Data Center used versions of XStream that were vulnerable to security exploits including CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html. The affected versions of Jira Server and Data Center are before version 8.18.0. Affected versions:...
Stored XSS on Jira Issue XML Export - CVE-2021-26082
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in XML Export. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0. Affected...
Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...
XSS in malicious repository file
A malicious file added to a repository will cause an XSS to file inside of FishEye...
JIRA puts a user's XSRF token in various resources.
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61250. panel h5. Steps to Reproduce: Log into JIRA Log out from JIRA h5. Expected Results: The URL shown in the address bar does not show the...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Jira Management Server and Data Center versions from versi...
Full Read SSRF in Mobile Plugin CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user including a user who joined via the sign-up feature to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
Unicode characters allow malicious code to be hidden from a human reviewer (JSM Server & Insight asset management App) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Jira Service Management Server / DC and Insight Asset Management app where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These specia...
Unicode characters allow malicious code to be hidden from a human reviewer (Bitbucket Server / DC) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Bitbucket Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the...
Cached content persisting after disabling anonymous access for allowlist URLs - CVE-2021-39113
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version...
XSS in fieldID - CVE 2021-26079
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. Affected...
Tomcat PersistenceManager vulnerabilities - CVE-2021-25329 and CVE-2021-25122
Affected versions of Atlassian Jira Server and Data Center are susceptible to Tomcat PersistenceManager vulnerabilities. Affected versions: ≤ 8.16.0 Fixed versions: pending...
Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Information disclosure of repository HTTP password in logs - CVE-2017-18112
Affected versions of Atlassian FishEye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. Affected versions: version 4.8.3 Fixed versions: 4.8.3 4.9.0...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
Active Directory/LDAP credentials stored in database in cleartext
We use an Active Directory server for authenticating our JIRA users, and a MySQL server for storing our JIRA data. We were extremely alarmed to discover that the username and password used for accessing the AD server are stored in cleartext in the MySQL database. Anyone who is able to compromise...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
Security vulnerability in apache commons fileupload
Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library...
UI Redressing (Clickjacking)
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to fra...
RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2022-1471
h2. Summary of Vulnerability Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE Remote Code Execution. i Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed v...
Upgrade Apache Commons-text for CVE-2022-42889
h3. DISCLAIMER panel:bgColor=e3fcef ! Crowd IS NOT VULNERABLE to CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889. This bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next...
Jira: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
The version of log4j used by Jira has been updated from version 1.2.17-atlassian-3 to 1.2.17-atlassian-16 to address the following vulnerabilities: CVE-2021-4104|https://vulners.com/cve/CVE-2021-4104 JMSAppender is vulnerable to a deserialization flaw. A local attacker with privileges to update t...
Unicode characters allow malicious code to be hidden from a human reviewer (Bitbucket Server / DC) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Bitbucket Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the...
Template Injection in Email Templates leads to RCE on Jira Service Management Server - CVE-2021-39128
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira...
Unauthenticated users can inject messages into the XSRF token error page
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to display arbitrary messages in the application via an injection vulnerability in the XSRF token error page. The affected versions are before version 8.5.14, and from version 8.6.0 before 8.12.1. ...
Anonymously accessible Dashboards can leak private information via configured gadgets - CVE-2020-36287
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. Affected...
XSS in Navigation - Search - CVE-2020-14169
The quick search component in Atlassian Jira Server and Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. Affected versions: version 8.9.1 Fixed versions: 8.9.1 8.10.0...