4295 matches found
OGNL Double Evaluation Vulnerability
We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...
CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2
Crowd 2.7.2 is shipped with Tomcat 7.0.42, which is susceptible to CVE-2013-4590|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4590 h3.Workaround Deploy Crowd WAR instead, with Tomcat 7.0.50 or above. Instructions here:...
XSS vulnerabilty in JIRA Misc Workflow Extensions
There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 5.3 of Confluence Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server
This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...
Woodstox Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.1 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5...
Confluence 8.7.1 is using a vulnerable library - spring-web-5.3.30
h3. Issue Summary CVE - CVE-2016-1000027 Advisory URL - https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 h3. Steps to Reproduce Build confluence to find the vulnerable artifact h3. Expected Results Vulnerable library is fixed h3. Actual Results Vulnerable library found at -...
UPM: upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary UPM is currently using underscore.js 1.4.4. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variabl...
Authentication Bypass in Jira Seraph - CVE-2022-0540
i Updates 2022/05/05 11:30 AM PDT Updated the List of affected Atlassian Marketplace Apps section to note the following apps have non-vulnerable updates available: Secure Code Warrior® for Jira Simple Tasklists Simple Team Pages for Jira UiPath Test Manager for Jira Xporter - Export issues from...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190
Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions: 4.8.4 4.9.0...
Embedded Crowd passes sensitive paramaters in the URL when adding a new or editing an existing user directory.
h3. Issue Summary While adding a new directory or editing an existing one the embedded crowd passes directoryId, xsrfTokenName and xsrfTokenValue parameters to the URL. h3. Environment Bitbucket 6.9.X, 7.4.X, 7.5.X, 7.6.X h3. Steps to Reproduce In Bitbucket navigate to Gear Icon User Directories;...
CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]
Atlassian Confluence Server and Data Center is not affected by CVE-2019-0230 Apache Struts Potential Remote Code Execution Vulnerability...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that...
Man-in-the-middle in Jira email client - CVE-2020-14168
The email client in Jira Server and Data Center allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle MITM vulnerability Affected versions: version 7.13.14 8.5.0 ≤ version 8.5.5 8.8.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed version...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Crowd with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information you...
Authorization bypass allows information disclosure - CVE-2019-15003
h3. Authorization bypass allows information disclosure - CVE-2019-15003 h4. Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels|https://www.atlassian.com/security/security-severity-levels. The scale allow...
Update jQuery to address CVE-2019-11358
The version of jQuery used in Jira before 8.2.3 was vulnerable to CVE-2019-11358. This issue was addressed by updating Jira server to use a patched & custom version of jQuery 2.2.4.7...
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
Granting Current Assignee to the Administer Project permissions will allow user to view all Projects
h3. Summary Granting Current Assignee to the Administer Project permissions will allow users to see ALL Projects that are assigned to that Permission Scheme. You can see the projects even if the user does not have any assigned issues in the project or even if the user is not listed as...
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment
To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
XXE (XML External Entity Injection) in Jira Core Data Center and Server and Jira Software Server
This High severity XXE XML External Entity Injection vulnerability was introduced in version 9.12.0 of Jira Core Data Center and Server and Jira Software Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.7, allows an attacker to access local and remote content...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Software Data Center and Server
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, and 9.15.0 of Jira Software Data Center and Server. This...
Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 8.1.12 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with CVSS Scores of 7.5, and CVSS Vectors of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an attacker to expose assets in yo...
Reflected XSS on /secure/TeamManagement.jspa via "planUrl" parameter - CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. Affected versions:...
Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0...
An unauthorized user can view private objects via the Custom Fields feature - CVE-2021-43949
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. Affected versions: version 4.21.0 Fix...
Non-administrators can edit the File Replication settings - CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...
Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444
Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. h3. Affected versions: 7.11.0 h3. Fixed version: 7.11.0 This vulnerability is attributed to Stefano...
Information disclosure in API and Integrations - CVE-2020-14180
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. Affected versions:...
Improper Authorization in Applinks - CVE-2019-20105
The Application links plugin used in Atlassian Jira Server and Data Center before version 7.13.12, from version 8.0.0 before version 8.5.4 and from version 8.6.0 before version 8.6.1 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an...
Jira on Windows was vulnerable to DLL hijacking - CVE-2019-20400
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability. h3. Acknowledgment We would like to thank Peleg Hadar of SafeBreach Labs for...
SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. Important Note: The patch is deployed in f...
XSS in the activity stream gadget via the country parameter - CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
Sprint End Date in a distant future causes OutOfMemoryError
h3. Summary Jira Software REST API /rest/agile/1.0/sprint/ is allowing to enter a date in the future, much higher than what is allowed by the UI . That causes Jira to hit OutOfMemoryError when loading a board based on a sprint having a big number of years as "End Date" due to excessive object...
Update Tomcat to 8.5.34 to avoid CVE-2018-11784
h4. Open redirect in default servlet CVE-2018-11784|https://access.redhat.com/security/cve/cve-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user...
Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL
h3. Summary Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL h3. Environment Confluence 6.7.2 Team Calendar 6.0.17 h3. Steps to Reproduce Login as UserA Calendar Creator Create a new Calendar with the Subscribe by URL option Subscribe to any external...
Users with the same name as an inactive user in a higher priority directory get all that users memberships
h3. Summary In embedded Crowd in at least JIRA and Confluence, when a user is made inactive but retains its groups, then if a lower priority directory has a new user created with the same name, it now inherits their memberships. It seems like the logic used to determine the user authentication by...
SourceTree 7za Vulnerability.
SourceTree Version 1.8.3 installs a 7za.exe C:\Program Files x86\Atlassian\SourceTree\tools\7za.exe in Version 9.20, which has known vulnerabilities: CVE-2016-2334 CVE-2016-2335 More information about the vulnerabilities: http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html...
CVE-2016-4317: XSS on viewmyprofile.action page
The viewmyprofile.action resource was vulnerable to persistent XSS...
Upgrade bundled Tomcat to the latest minor release
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabiliti...
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVS...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Stored XSS in Confluence Data Center
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...