4295 matches found
Local Privilege Escalation via DLL hijack - CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center...
Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)
A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...
MITM in Repository Import - CVE-2020-14171
Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via Man-in-the-Middle MITM attack. Affected versions: 4.9.0 = version 7.2.4 Fixed versions: 7.2.4 7.3.0...
Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a security misconfiguration...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Jira with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information you...
XSS Vulnerability in wiki markup
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-51825. panel Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various...
Two factor Authentication
As a company IT administrator of our company I want that all users authenticate to bamboo in two steps username password & app or sms. So that I'm always sure that a employee of our company logs in bamboo instead of a hacker. This makes even my infrastructure more secure...
Update Java version bundled found in the installer to a version >= 1.8u71
Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...
DoS (Denial of Service) org.eclipse.jetty:jetty-io Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-io Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-io Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...
Info Disclosure com.google.guava:guava in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of...
Confluence Apache Tomcat CVE-2022-34305
This is reproducible on Data Center: yes The current version of Tomcat 9.0.63 is bundled with Confluence 7.18.2 and Confluence 7.13.8 are vulnerable to CVE-2022-34305 https://vulners.com/cve/CVE-2022-34305 h3. Steps to Reproduce - h3. Expected Results - h3. Actual Results - h3. Workaround Manuall...
CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials...
Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-43944
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator permissions to execute arbitrary code via Template Injecti...
DoS vulnerability in MessageBundleResource - CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...
JSW Server not vulnerable to an Insecure Deserialization issue in Jackson Databind - CVE-2018-14720
Scanners may falsely flag some versions of Jira Software Server before 8.5.5 as vulnerable to an Insecure Deserialization issue in Jackson Databind CVE-2018-14720. This vulnerability in a transitive dependency was being flagged because Jira Software assumed the version of applinks provided by Jir...
TinyMCE XSS vulnerability on version 4.7.11
h4. Description It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency Confluence version 7.6.2 uses version 0.4.41 of the...
Improper authorization in Project Administration - Others - CVE-2020-14165
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to obtain information about custom project avatars via an improper authorization vulnerability in the UniversalAvatarResource.getAvatars resource. Affected versions: version 8.9.0 Fixed versions: 8.9.0...
The console login did not rotate the session id during login - CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...
Various resources included the current remote directory password in their responses - CVE-2016-10740
Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
XSS vulnerabilty in JIRA Misc Workflow Extensions
There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...
Security Misconfiguration in Jira Software Data Center
This High severity Security Misconfiguration vulnerability was introduced in versions 9.12.32, 10.3.17, and 11.3.3 of Jira Software Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
com.google.guava:guava Dependency in Confluence Data Center and Server
This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Upgrade Tomcat to fix CVE-2023-34981
h3. Issue Summary Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981 panel:bgColor=e3fcef Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases. This is an...
User without "Browse Users" permission can view groups - CVE-2022-36800
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. Affected...
CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...
Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...
jira-importers-plugin has misconfigured XSRF protection - CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
8.5 and 8.13 LTS releases should bundle Tomcat 8.5.63 or higher
h3. Issue Summary The Apache Tomcat version used by the currently available LTS Long Term Support releases has a few vulnerabilities, therefore the next LTS release should bundle an updated version of Tomcat. h3. Steps to Reproduce Not applicable. h3. Expected Results Not applicable. h3. Actual...
Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. h5. Acknowledgements Credit for finding this vulnerability goes to Johannes...
Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...
Improper authorization vulnerablity in the /profile/deleteWatch.do resource- CVE-2020-4014
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability...
DoS via missing input validation in UserPickerBrowser.jspa - CVE-2019-20413
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability on the UserPickerBrowser.jspa page. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons...
logout.action is not protected against XSRF - CVE-2012-6342
Cross-site request forgery CSRF vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...
PrivEsc (Privilege Escalation) in Jira Core Data Center
Summary: This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center. This PrivEsc Privilege Escalation vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
FasterXML Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Third-Party Dependency Vulnerability in Confluence
This high severity Patch Management vulnerability was introduced in version 7.13.15 of Confluence Data Center & Server. This Patch Management vulnerability, with CVSS Scores of 7.5, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has no...
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
Fisheye in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Fisheye 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...