Opening embedded SVG file in comment on customer portal makes JIRA run added JavaScript code
Summary: Opening embedded SVG file in comment on customer portal makes JIRA run added JavaScript code. Steps to Reproduce: Log in to customer portal and create a new request. Attach new SVG file which contains JavaScript code (filename: smiley-test.svg) [screenshot-1.png]. After the...
The administrative smart-commits resource was vulnerable to Cross-site request forgery (CSRF) - CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery CSRF vulnerability...
Denial of service through the ForgotLoginDetails resource - CVE-2018-5231
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it...
Deprecate support for authenticating using os_username, os_password as url query parameters
Problem: Support for using os_username and os_password to authenticate when used as url query parameters has been deprecated in Jira 8.0.0. It is possible to disable support for os_username & os_password as url query parameters for authentication by setting allowUrlParameterValue to false in...
Update documentation regarding plan permissions to edit and delete plans
Summary: According to our documentation, Disabling or deleting a plan (https://confluence.atlassian.com/bamboo/disabling-or-deleting-a-plan-289276855.html/), it is only possible to delete a plan by having "Admin" Global permissions. This is not accurate. Test done: Create a group called...
Open Redirection Issue in JIRA Announcement Banner
Hi, I am currently using Jira 6.1, and the issue is related to the Jira announcement banner. While editing/adding the announcement banner I tried to inject a script like window.location.href='www.somesite'. By doing so, after logging in to Jira, it redirected to the particular site. Therefore I...
SSRF/XSPA in ImporterSetupPage
A security bug has been found in Jira Server. Administrator users can test local IP addresses/ports and determine whether they're open or closed. To reproduce: Initial setup: Download https://www.atlassian.com/software/jira/download, install, and start up Jira Software Server. Note: I...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
Upgrade to version 3.2.2 of apache commons-collections
Summary: Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories:...
Update 7zip to latest version
The current version of 7zip included has a security vulnerability that has been flagged in our corporate environment. The issue has been fixed in the latest version of 7zip. I have been asked to either obtain a version of SourceTree with the fixed version of 7zip, or to uninstall SourceTree...
Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch
I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...
Confluence Server Webwork OGNL injection - CVE-2021-26084
This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately. An OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The CVE ID is CVE-2021-26084...
Incorrect user showing up in configuration for GPG key signing
When configuring SourceTree to use GPG key signing for commits, an incorrect user is used for a given key. The user shows up as "0", rather than the user that was used to create the key. [gpgconfig.png] For more details see the post in the community forum here:...
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
Crowd was using jQuery version 1.8.3, which is affected by CVE-2020-11023, CVE-2020-11022, and CVE-2015-9251. Affected Version/s: 4.0.3, 4.1.1. Fixed Version/s: 4.1.2, 4.0.4, 4.2.0...
SSRF via WebDAV endpoint - CVE-2019-3395
There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: All versions of Confluence Server and Confluence Data Center...
Encrypt Database Password in dbconfig.xml or use integrated authentication
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/JRACLOUD-31004). JIRA should encrypt the database password, since it's in plain text in the dbconfig.xml file, or it could use the integrated...
jquery 2.2.4 XSS vulnerability
Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. A jquery patch has been applied fo...
Remote code execution via Widget Connector macro - CVE-2019-3396
There was a server-side template injection vulnerability in Confluence Server and Data Center, in the Widget Connector. An attacker is able to exploit this issue to achieve path traversal and remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. ...
Not being able to create webhooks with basic authentication.
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/JRACLOUD-31953). Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
CVE-2022-23305: Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks. Change Summary: Removed JDBCAppender, thus no longer allowing customers to use it. CVE-2022-23307 / CVE-2020-9493: Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...
Tomcat vulnerabilities CVE-2021-25329 and CVE-2021-25122
Issue Summary: Recently disclosed vulnerabilities regarding Tomcat, CVE-2021-25329 (https://nvd.nist.gov/vuln/detail/CVE-2021-25329) and CVE-2021-25122 (https://nvd.nist.gov/vuln/detail/CVE-2021-25122), affect the following versions: Apache Tomcat 9.0.0.M1 to 9.0.41; Apache Tomcat 8.5.0 to 8.5.61...
Pre-Authorization Arbitrary File Read [Confluence, Jira, Crowd]
The VULN ticket can be seen at: https://asecurityteam.atlassian.net/browse/VULN-196971 ---- This issue was reported by an external researcher at https://securitysd.atlassian.net/browse/SEC-2455 . ---- Hello, I am Amit Laish, a security researcher from GE Digital. During one of our assessments we...
Setup only possible with sending user statistics
One of our customers reported an error: There is a problem with the setup of the new version of SourceTree 3.0.8. In the last screen the preferences are requested. It is not possible to click "Weiter" (Continue) without checking the second option. [Preferences.png] But this needs to...
Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version < 6.13.18, 6.14.0 ≤ version < 7.4....
Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
Issue Summary: The recently disclosed vulnerability regarding Tomcat (https://nvd.nist.gov/vuln/detail/CVE-2020-9484) affects the following versions: Apache Tomcat 7.x 7.0.103; Apache Tomcat 8.x 8.5.54; Apache Tomcat 9.x 9.0.34; Apache Tomcat 10.x 10.0.0-M4. We should bundle a more recent version of...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/JRACLOUD-31720). Summary: This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950. When the Current Assignee is giv...
Upgrade Tomcat to fix CVE-2023-41080
Problem: Apache Tomcat should be upgraded to 9.0.80 or a later version to fix CVE-2023-41080 (https://nvd.nist.gov/vuln/detail/CVE-2023-41080). Environment: Jira v9.11. Steps to Reproduce: Current bundled Tomcat version is Tomcat 9.0.75, which is vulnerable to CVE-2023-41080. Upgrade Tomcat t...
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. The affected versions are...
Jira outputs a stack trace to the screen when an error is encountered
Problem: When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users, but it's not possible to hide it from them. Suggestion: To have ...
Update jQuery to address CVE-2019-11358
The version of jQuery used in Jira before 8.2.3 was vulnerable to CVE-2019-11358. This issue was addressed by updating Jira server to use a patched & custom version of jQuery 2.2.4.7...
ConfigureReport.jspa endpoint available for unauthenticated users
Issue Summary: I can access this report page without logging in, with public sharing off: http://localhost:8854/j854/secure/ConfigureReport.jspa?reportKey=com.atlassian.jira.jira-core-reports-plugin:singlelevelgroupby Was also able to hit the following page...
Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme
Issue Summary: For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the permission change, Project Administrators, who should not have access to change the...
XSS in FilterPickerPopup.jspa parameter searchOwnerUserName
Issue Summary: The following vulnerability was submitted to our bug bounty program. Environment: Jira Server 8.2.1, Jira Cloud; verified using the latest Firefox. Steps to Reproduce: As an authenticated user, navigate to...
Crowd: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Crowd has been updated from version 1.2.7-atlassian-3 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2021-4104 (https://vulners.com/cve/CVE-2021-4104): JMSAppender is vulnerable to a deserialization flaw. A local attacker with privileges to update th...
Regression - "Browse Project" permission for "Reporter" allows users to see projects they are not permitted to.
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/JRACLOUD-34389). Regression of JRA-4935: When I add the "Reporter" to the "Browse Project" permission of one project, this project instantly becom...
Code Injection and Directory Traversal in plexus-utils
This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via CVE-2017-1000487 (command injection), sonatype-2016-0398 (directory traversal) and sonatype-2015-0173 (XML injection). The affected versions are before version 7.2.2, and before...
Upgrade Tomcat to version 9.0.37
Issue Summary: The current version of Tomcat (9.0.33) bundled with Confluence, at least up to Confluence version 7.6, is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 (https://tomcat.apache.org/security-8.html). Fixed in Apache Tomcat 9.0.36...
Allow user accounts to require two-factor authentication using RFC 4226
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/JRACLOUD-20999). New feature request: In light of the recent security hack at Apache, it might be prudent for JIRA to provide some more secure...
Bamboo remote agent: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by the Bamboo remote agent has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493 (https://vulners.com/cve/CVE-2020-9493) and CVE-2022-23307 (https://vulners.com/cve/CVE-2022-23307): Apache Chainsaw is...
SSRF - /plugins/servlet/issue-retriever?columns=&url=XXX
Issue Summary: The following issue was submitted to our bug bounty program. This endpoint will allow attackers to read the full response of the provided URL. Environment: Confluence 6.15.5. Steps to Reproduce: Set up two Atlassian applications and create an Applink between them. In my case...
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
Hi, is it possible to upgrade the moment.js library to 2.29.2 on all LTS versions? It seems fixed in 9.7.0, as this ticket seems to point out: https://jira.atlassian.com/browse/JRASERVER-74647. In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards, CWATCH team...
Insecure version of Spring Web MVC used in Confluence Analytics
Hello! A transitive dependency issue has been found in Confluence Analytics: https://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610 Confluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug. The issue can be fixed by...
Upgrade the bundled version of Apache Tomcat to 8.5.57
Issue Summary: The recently disclosed vulnerability regarding Apache Tomcat, CVE-2020-13934 (https://vulners.com/cve/CVE-2020-13934), affects the following versions: Apache Tomcat 8.x from 8.5.1 to 8.5.56; Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36; Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6...
Apache Tomcat CVE-2022-34305
Issue Summary: This is reproducible on Data Center: yes. The current version of Tomcat 8.5.72 bundled with JIRA 8.22 and Tomcat 9.0.61 bundled with Jira 9 are vulnerable to CVE-2022-34305 (https://vulners.com/cve/CVE-2022-34305). Steps to Reproduce: -- Expected Results: -- Actual Results...
Disabling SAML override in Confluence Data Center doesn't work
Issue Summary: Disabling SAML override in Confluence DC, to ensure no users can log in to Confluence via SAML/SSO only, still allows users to use the default login URL and access the instance with local credentials. Steps to Reproduce: Configure Confluence DC with SAML/SSO (steps not covered her...
An unauthenticated attacker can generate a sizeable CPU load on a Confluence server with a single request.
Issue Summary: Confluence has an API endpoint which combines multiple js resources in a single response:...
User receives email notification even though restrictions have been applied to the page
Steps to reproduce: Log in to Confluence. Create a page. Insert a team calendar into the page. Ask a user A to watch the page. Make changes to the team calendar. User A is receiving email notification for the calendar as expected. Creator of the page restricts the page with the calendar from being viewed by...
An Atlassian product has a security vulnerability.
Affected versions of Atlassian Confluence Server allow remote authenticated attackers to view sensitive information in the hidden attachments of custom content on reindexing via an Information Disclosure vulnerability in the search page. The affected versions are before version 7.13.12, from...
Browsing /jira/rest/api/2/user/picker as an unauthenticated user should return 401
Issue Summary: Browsing /jira/rest/api/2/user/picker?query=username as unauthenticated always returns 404, along with the following message: "errorMessages":"The user named '0' does not exist","errors": Steps to Reproduce: Open a browser private window. Browse...