4295 matches found
CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]
Atlassian Confluence Server and Data Center is not affected by CVE-2019-0230 Apache Struts Potential Remote Code Execution Vulnerability...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Crowd with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information you...
Authorization bypass allows information disclosure - CVE-2019-15003
h3. Authorization bypass allows information disclosure - CVE-2019-15003 h4. Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels|https://www.atlassian.com/security/security-severity-levels. The scale allow...
Update jQuery to address CVE-2019-11358
The version of jQuery used in Jira before 8.2.3 was vulnerable to CVE-2019-11358. This issue was addressed by updating Jira server to use a patched & custom version of jQuery 2.2.4.7...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Crucible before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Granting Current Assignee to the Administer Project permissions will allow user to view all Projects
h3. Summary Granting Current Assignee to the Administer Project permissions will allow users to see ALL Projects that are assigned to that Permission Scheme. You can see the projects even if the user does not have any assigned issues in the project or even if the user is not listed as...
CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
The HipChat for JIRA plugin exposed the secret key it used to communicate with a linked HipChat service in various pages. For this vulnerability to affect your JIRA instance you must have a HipChat integration established. To exploit this issue in JIRA versions 7.0.0 and higher, attackers need to...
Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment
To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Software Data Center and Server
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, and 9.15.0 of Jira Software Data Center and Server. This...
Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 8.1.12 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with CVSS Scores of 7.5, and CVSS Vectors of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an attacker to expose assets in yo...
Reflected XSS on /secure/TeamManagement.jspa via "planUrl" parameter - CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. Affected versions:...
Import source configuration information is leaked via the Insight Import Source feature - CVE-2021-43950
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0...
An unauthorized user can view private objects via the Custom Fields feature - CVE-2021-43949
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. Affected versions: version 4.21.0 Fix...
Non-administrators can edit the File Replication settings - CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...
Project key enumeration via the /rest/api/latest/projectvalidate/key endpoint - CVE-2021-39121
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from...
Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444
Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. h3. Affected versions: 7.11.0 h3. Fixed version: 7.11.0 This vulnerability is attributed to Stefano...
Information disclosure in API and Integrations - CVE-2020-14180
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. Affected versions:...
SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. Important Note: The patch is deployed in f...
XSS in the activity stream gadget via the country parameter - CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...
Sprint End Date in a distant future causes OutOfMemoryError
h3. Summary Jira Software REST API /rest/agile/1.0/sprint/ is allowing to enter a date in the future, much higher than what is allowed by the UI . That causes Jira to hit OutOfMemoryError when loading a board based on a sprint having a big number of years as "End Date" due to excessive object...
Update Tomcat to 8.5.34 to avoid CVE-2018-11784
h4. Open redirect in default servlet CVE-2018-11784|https://access.redhat.com/security/cve/cve-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user...
Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL
h3. Summary Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL h3. Environment Confluence 6.7.2 Team Calendar 6.0.17 h3. Steps to Reproduce Login as UserA Calendar Creator Create a new Calendar with the Subscribe by URL option Subscribe to any external...
Users with the same name as an inactive user in a higher priority directory get all that users memberships
h3. Summary In embedded Crowd in at least JIRA and Confluence, when a user is made inactive but retains its groups, then if a lower priority directory has a new user created with the same name, it now inherits their memberships. It seems like the logic used to determine the user authentication by...
SourceTree 7za Vulnerability.
SourceTree Version 1.8.3 installs a 7za.exe C:\Program Files x86\Atlassian\SourceTree\tools\7za.exe in Version 9.20, which has known vulnerabilities: CVE-2016-2334 CVE-2016-2335 More information about the vulnerabilities: http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html...
CVE-2016-4317: XSS on viewmyprofile.action page
The viewmyprofile.action resource was vulnerable to persistent XSS...
DoS (Denial of Service) in Jira Service Management Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVS...
XXE (XML External Entity Injection) in Jira Core Data Center and Server and Jira Software Server
This High severity XXE XML External Entity Injection vulnerability was introduced in version 9.12.0 of Jira Core Data Center and Server and Jira Software Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.7, allows an attacker to access local and remote content...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 6.10.0 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
FasterXML Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
com.google.code.gson Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Jettison Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2021-43955: /rest-service-fecru/server-v1 leaks information about installation directories
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
Anonymous users can view names of private projects and filters via Average Time in Status Gadget - CVE-2021-41306
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References IDOR vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...
Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21....
Html Macros should respect authenticated user based on allowlist API
Gadgets have moved to use whitelist.isAllowedURI, Userkey to give more controls to admins to whether allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...
XXE in OpenID client application - CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...
Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery CSRF vulnerabilities. Once a Jira instance is setup i.e. database, admin account, licence, etc. form ar...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
Crowd - pdkinstall development plugin incorrectly enabled - CVE-2019-11580
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...
Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456
There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...
Various XSS through a repository or review filename - CVE-2017-9508
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...
XSS in /includes/decorators/global-translations.jsp
Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to http:///includes/decorators/global-translations.jsp with the Host header set to some XSS payload e.g. codealert/xss/code The offending lines in code pick this payload and...
Upgrade Tomcat to latest minor version
See http://www.cvedetails.com/cve/CVE-2011-4084/. We're shipping 6.0.32 at the moment...
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the PreferQueryMode=SIMPLE parameter required for this vulnerability in it...
RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
Bitbucket Data Center is affected by CVE-2024-25710
h3. Issue Summary Bitbucket is affected by CVE-2024-25710|https://nvd.nist.gov/vuln/detail/CVE-2024-25710 The affected file /app/WEB-INF/lib/commons-compress-1.21.jar h3. Steps to Reproduce N/A h3. Expected Results N/A h3. Actual Results N/A h3. Workaround Currently, there is no known workaround...