4295 matches found
EPIC FAIL: new user signups result in plain text email with all login details
After signing up to a JIRA instance, I got an email which simply amazed me - it contained: My username My email address My full name My password It was all there, right before me, in a plain-text unencrypted email sent across a public network. WTF?! I'm not sure which universe that's considered a...
CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center
h3. Issue Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the...
XSS (Cross Site Scripting) DOMPurify Dependency in Jira Core Data Center and Server
|Please see our updated fixed version guidance for this CVE, as the fix issued in our November 2024 Security Bulletin was incomplete. This vulnerability has now been mitigated in Jira Software and the correct fixed versions have been added to this ticket. We apologize for any inconvenience our...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 5.4.0, 5.12.0, 5.15.0, 5.16.0, and 5.17.0 of Jira Service Management Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security Misconfiguration org.eclipse.jetty:jetty-server Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-server Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-server Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
Jira redirects the users back to the login page when SSO is used with Crowd
h3. Issue Summary Jira redirects the users back to the login page when SSO is used with Crowd when SSOSeraphAuthenticator is enabled in the seraph-config.xml. It works fine when Crowd is not used when JiraSeraphAuthenticator is enabled. This is reproducible on Data Center: Yes h3. Steps to...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...
RCE (Remote Code Execution) in Confluence Data Center and Server
This High severity Remote Code Execution RCE vulnerability was introduced in version 1.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to...
Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Crowd Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in all versions of Crowd Data Center and Server before 5.0.10, 5.1.8 and 5.2.3. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Woodstox Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
FasterXML Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Confluence: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Confluence Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
Anonymous users can view list of installed gadgets in Confluence
h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Confluence instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit th...
Upgrade bundled Java to 8u292+
Currently our latest available Jira version includes AdoptOpenJDK 1.8.0275, which does not include a fix for the following vulnerabilities: https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20 It affects AdoptOpenJDK up to 1.8.0282, so we should bundle Jira with AdoptOpenJDK 1.8.02...
Information disclosure of product SEN via the x-asen response header - CVE-2020-14192
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions:...
Unvalidated redirects in UPM via reverse tabnapping
Affected versions of Atlassian Jira Server and Data Center allow an authenticated attacker to redirect a user to a malicious website via an unvalidated redirect vulnerability in some Universal Plugin Manager pages, e.g. "Manage apps" and "Find new apps". Affected versions: version 7.13.16 7.14.0 ...
MITM in Repository Import - CVE-2020-14171
Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via Man-in-the-Middle MITM attack. Affected versions: 4.9.0 = version 7.2.4 Fixed versions: 7.2.4 7.3.0...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that...
Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared endpoint API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...
Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Bitbucket Server & Bitbucket Data Center before version 6.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing...
XSS in the FilterPickerPopup.jspa resource through the searchOwnerUserName parameter - CVE-2019-14996
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the searchOwnerUserName parameter...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Crucible before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Crucible before version 4.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently restricted to...
Confluence - Path traversal vulnerability - CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...
Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240
The administrative linker functionality in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the href parameter...
XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
The Edit upload resource for a review in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...
Download a deleted page via word export - CVE-2018-20237
Atlassian Confluence Server from version 6.12.0 or earlier, and before version 6.13.1, or before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature...
Argument Injection via Mercurial hooks in Sourcetree for Windows - CVE-2018-20235
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. h4. Affected...
Cannot create page/s using "Create Page" Button
We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...
Crowd User Directory application password stored in plain text
Table: cwddirectoryattribute Column: attributevalue How to Verify in my environment: Connect to JIRA database using psql and run query: code select attributevalue from cwddirectoryattribute where attributename = 'application.password' code Note how the returned value is the plain text value of th...
Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117. panel If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...
XSS vulnerability in 'Share a link' blueprint
Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" =The script will be executed...
Reflected cross-site scripting (XSS) in dosearchsite action
The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...
Several XSS flaws in the /rest/tinymce/1
I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...
Different IE browser windows have different sessions and different session timeout timing
One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...
Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819
This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
The JSM Mail Handler functionality creates tickets from incoming emails in wrong projects
h3. Issue Summary When multiple Jira Service Management JSM projects are configured with a Mail Handler|https://confluence.atlassian.com/servicemanagementserver/receiving-requests-by-email-939926303.html via Project Settings Email Requests, the following issue happens: - the JSM Mail Handler...
Reflected XSS via /rest/collectors/1.0/template/custom - CVE-2021-43942
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting XSS vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting...
Replaying / intercepting a password reset POST request can allow for valid username enumeration
h3. Issue Summary Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. h3. Steps to Reproduce Request a password reset email Open the password reset mail and click the link to open your browser Intercept the POST request of the...
Anonymous user can view private project and filter names via IDOR in Average Number of Times in Status Gadget - CVE-2021-41305
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...