4295 matches found
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
Upgrade bundled Tomcat to the latest minor release
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabiliti...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...
Security Misconfiguration in Jira Software Data Center
This High severity Security Misconfiguration vulnerability was introduced in versions 9.12.32, 10.3.17, and 11.3.3 of Jira Software Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) org.json:json Dependency in Bitbucket Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 7.17.0, 7.21.15, 8.9.4, 8.13.0, 8.14.0, and 8.15.0 of Bitbucket Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0, 7.19, 8.1.0, 8.2.0, 8.3.0 and 8.5 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
Local Privilege Escalation via DLL hijack - CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center...
Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)
A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...
Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a security misconfiguration...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Jira with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information you...
Various resources included the current remote directory password in their responses - CVE-2016-10740
Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...
XSS Vulnerability in wiki markup
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-51825. panel Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various...
Two factor Authentication
As a company IT administrator of our company I want that all users authenticate to bamboo in two steps username password & app or sms. So that I'm always sure that a employee of our company logs in bamboo instead of a hacker. This makes even my infrastructure more secure...
Update Java version bundled found in the installer to a version >= 1.8u71
Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...
DoS (Denial of Service) org.eclipse.jetty:jetty-io Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-io Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-io Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
Info Disclosure com.google.guava:guava in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of...
Confluence Apache Tomcat CVE-2022-34305
This is reproducible on Data Center: yes The current version of Tomcat 9.0.63 is bundled with Confluence 7.18.2 and Confluence 7.13.8 are vulnerable to CVE-2022-34305 https://vulners.com/cve/CVE-2022-34305 h3. Steps to Reproduce - h3. Expected Results - h3. Actual Results - h3. Workaround Manuall...
CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials...
Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-43944
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator permissions to execute arbitrary code via Template Injecti...
DoS vulnerability in MessageBundleResource - CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...
TinyMCE XSS vulnerability on version 4.7.11
h4. Description It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency Confluence version 7.6.2 uses version 0.4.41 of the...
Improper authorization in Project Administration - Others - CVE-2020-14165
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to obtain information about custom project avatars via an improper authorization vulnerability in the UniversalAvatarResource.getAvatars resource. Affected versions: version 8.9.0 Fixed versions: 8.9.0...
The console login did not rotate the session id during login - CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...
XSS vulnerabilty in JIRA Misc Workflow Extensions
There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...
logout.action is not protected against XSRF - CVE-2012-6342
Cross-site request forgery CSRF vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...
PrivEsc (Privilege Escalation) in Jira Core Data Center
Summary: This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center. This PrivEsc Privilege Escalation vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
com.google.guava:guava Dependency in Confluence Data Center and Server
This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Upgrade Tomcat to fix CVE-2023-34981
h3. Issue Summary Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981 panel:bgColor=e3fcef Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases. This is an...
User without "Browse Users" permission can view groups - CVE-2022-36800
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. Affected...
CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...
Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...
jira-importers-plugin has misconfigured XSRF protection - CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
8.5 and 8.13 LTS releases should bundle Tomcat 8.5.63 or higher
h3. Issue Summary The Apache Tomcat version used by the currently available LTS Long Term Support releases has a few vulnerabilities, therefore the next LTS release should bundle an updated version of Tomcat. h3. Steps to Reproduce Not applicable. h3. Expected Results Not applicable. h3. Actual...
Tomcat vulnerabilities CVE-2021-25329 and CVE-2021-25122
h3. Issue Summary Recently disclosed vulnerability regarding Tomcat CVE-2021-25329|https://nvd.nist.gov/vuln/detail/CVE-2021-25329 and CVE-2021-25122|https://nvd.nist.gov/vuln/detail/CVE-2021-25122 affects the following versions: Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 h3...
Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. h5. Acknowledgements Credit for finding this vulnerability goes to Johannes...
Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...
Improper authorization vulnerablity in the /profile/deleteWatch.do resource- CVE-2020-4014
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability...
DoS via missing input validation in UserPickerBrowser.jspa - CVE-2019-20413
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability on the UserPickerBrowser.jspa page. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...