4295 matches found
RCE in jackson-databind
h3. Issue Summary Jira Server used a vulnerable version of jackson-databind . In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330. Upgrade jackson-databind to at least version 2.9.10.20200103...
Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...
Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456
There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...
XSS in User Macros Description Field
We received external report about XSS in User Macros Field: quote The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector. quote Steps to reproduce: 1 Go to http://localhost:8090/admin/usermacros.action...
SSRF Team Calendars
The following endpoint has an SSRF that can be used to enumerate internal network resources that are not publicly exposed to the internet. noformat PUT /wiki/rest/calendar-services/1.0/calendar/subcalendars.json noformat PoC Using the "Team Calendar" macro, select the "Subscribe by URL" option...
Upgrade bundled Java to 8u101+
Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect JIRA...
Applink configuration data is exposed anonymously
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-38225. panel If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs a...
XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server
This High severity XXE XML External Entity Injection org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability was introduced in versions 8.5 of Confluence Data Center and Server. This org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819
h3. Issue Summary org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819|https://spring.io/security/cve-2024-38819 This is reproducible on Data Center: Yes h3. Steps to Reproduce N/A h3. Expected Results NA h3. Actual Results NA h3. Workaround...
org.springframework.security:spring-security-core Dependency in Bamboo Data Center and Server
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, wi...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server
This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.squareup.okio:okio-jvm Dependency in Confluence Data Center and Server
This High severity com.squareup.okio:okio-jvm Dependency vulnerability was introduced in versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This com.squareup.okio:okio-jvm Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
jackson-databind Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
FasterXML Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Info Disclosure org.eclipse.jetty:jetty-util in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
RCE (Remote Code Execution) in Bitbucket Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...
RCE (Remote Code Execution) in Confluence Data Center & Server
This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...
Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...
Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...
SSRF in Dashboard & Gadgets - CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...
The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026
The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...
The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026
The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...
Open redirect vulnerability in login.jsp - CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...
XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...
Argument Injection - CVE-2019-15000
Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...
Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used
The version of the Atlassian Application links plugin used in Crucible before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...
Update Java version bundled found in the installer to a version >= 1.8u71
Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
h3. Summary This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950 When the Current Assignee is given the Browse Project Permission, other users are able to view this Project. They can't necessarily view issues or create issues, but they can see the project from the...
XSS in RSS feed creation
URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...
Privilege escalation: User is able to add a page to his watchlist without having the permission
Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...
Login form doesn't get disabled when option is disabled from authentication methods
h3. Issue Summary When we remove the option to authenticate with username and password from the login form we could still use basic authentication to login. This is reproducible on Data Center: Yes h3. Steps to Reproduce Step-1. Remove the option to authenticate with username and password from th...
com.google.guava:guava Dependency in Jira Service Management Data Center and Server
This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.20.0, 4.22.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, 5.12.0, and 5.13.0 of Jira Service Management Data Center and Server. This com.google.guava:guava...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) okio in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability is included in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, and 8.14.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Upgrade Tomcat to fix CVE-2023-46589
h3. Issue Summary Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a newer version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589 Jira 9.0.x to 9.12 currently come bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently come bundled with ...
Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...
Sending an unauthenticated request to the Synchrony allows writing to the logs
h3. Issue Summary It is possible to write log entries via Synchrony API without authentication. h3. Steps to Reproduce To do this, you have to enter the target URL in Postman:, copy the GET or POST request and send the http request. For all POST requests, you must ensure that the content length...
Replay attack via the CSRF failure retry form - CVE-2021-39124
The Cross-Site Request Forgery CSRF failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. Affected versions: version 8.16.0 Fixed...
Issue watchers continue receiving updates even after their Jira account is revoked - CVE-2021-39119
h3. Summary Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are...