4295 matches found
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
jackson-databind Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
hutool-json Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
FALSE POSITIVE - OpenSearch Vulnerability in Bitbucket Data Center and Server
Notice of FALSE POSITIVE After review, it has been determined that CVE-2022-41906 DOES NOT affect ANY version of Bitbucket Data Center or Bitbucket Server. We have updated our bulletin and Jira tickets to reflect this update. We have taken action to prevent this false-positive from appearing in o...
Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This vulnerability, with CVSS Scores of 7.5, and CVSS Vectors of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to expose...
HSTS configuration not working in confluence 8.0.2
h3. Issue Summary This is reproducible on Data Center: Yes h3. Steps to Reproduce Configure confluence on SSL Follow KB -...
Crowd: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Crowd Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
Mobile web: upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary The mobile web view in Confluence is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template functio...
Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)
A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...
CSRF token theft through referrer headers - CVE-2021-39126
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery CSRF vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...
Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260
There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...
RCE in jackson-databind
h3. Issue Summary Jira Server used a vulnerable version of jackson-databind . In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330. Upgrade jackson-databind to at least version 2.9.10.20200103...
Open redirect vulnerability in login.jsp - CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...
Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456
There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...
SSRF Team Calendars
The following endpoint has an SSRF that can be used to enumerate internal network resources that are not publicly exposed to the internet. noformat PUT /wiki/rest/calendar-services/1.0/calendar/subcalendars.json noformat PoC Using the "Team Calendar" macro, select the "Subscribe by URL" option...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
h3. Summary This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950 When the Current Assignee is given the Browse Project Permission, other users are able to view this Project. They can't necessarily view issues or create issues, but they can see the project from the...
Provide HTTP headers for the content that absolutely must not be cached on the client
We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...
XSS in RSS feed creation
URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...
XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server
This High severity XXE XML External Entity Injection org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability was introduced in versions 8.5 of Confluence Data Center and Server. This org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819
h3. Issue Summary org.springframework:spring-webmvc used by Bitbucket Data Center contains vulnerabilities - CVE-2024-38819|https://spring.io/security/cve-2024-38819 This is reproducible on Data Center: Yes h3. Steps to Reproduce N/A h3. Expected Results NA h3. Actual Results NA h3. Workaround...
org.springframework.security:spring-security-core Dependency in Bamboo Data Center and Server
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, wi...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server
This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVS...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.squareup.okio:okio-jvm Dependency in Confluence Data Center and Server
This High severity com.squareup.okio:okio-jvm Dependency vulnerability was introduced in versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This com.squareup.okio:okio-jvm Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
FasterXML Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Info Disclosure org.eclipse.jetty:jetty-util in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.10.1, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
RCE (Remote Code Execution) in Bitbucket Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to...
RCE (Remote Code Execution) in Confluence Data Center & Server
This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high...
Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...
Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...
Replay attack via the CSRF failure retry form - CVE-2021-39124
The Cross-Site Request Forgery CSRF failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. Affected versions: version 8.16.0 Fixed...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...
SSRF in Dashboard & Gadgets - CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...
The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026
The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...
The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026
The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...
XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...
Argument Injection - CVE-2019-15000
Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...
Argument Injection - CVE-2019-15000
Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...
Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used
The version of the Atlassian Application links plugin used in Crucible before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Privilege escalation: User is able to add a page to his watchlist without having the permission
Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...