4295 matches found
Template injection in Jira importers plugin - CVE-2019-15001
h3. Issue Summary There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin JIM. An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on...
Missing permission check in several worklog rest resources - CVE-2019-8445
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check...
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582
There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution o...
XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
The version of the Application Links plugin used in Confluence before version 6.15.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more detail...
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61803. panel The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
xss by swf file
In confluence comment module user can embed swf file in their comment, confluence are using a atltoken parameter on GET HTTP request, if the attacker send the link of .swf file the value of src on embed tag to his victim the malicious .SWF won't execute on the victim's browser . We can bypass thi...
Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X
h3. Steps to reproduce: Confluence 3.5.13 Installed, booted up Postregres DB Shutdown, applied patch following advisory admin panel not accessible content appears to be missing see errors in the logs: code 2014-05-22 16:28:50,308 ERROR http-8080-1 Standalone.localhost./.action log Servlet.service...
Persistent XSS in JIRA charting plugin Workload Pie Chart Report
The Workload Pie Chart Report included with the JIRA charting plugin contains a number of XSS vulnerabilities. This plugin is bundled with OnDemand. The configuration page contains an XSS vulnerability in custom field names. 1. Create a custom field with the name alert'custom field' 2. Try to...
'/users/userpicker.action' exposes users loginids and full names in instance with anonymous access enabled
quote LDAP directory users and groups exposed via the /users/userpicker.action. There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior. quote quote The second exposed function that is part of this vulnerability is...
XML Vulnerability in JIRA
We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server. All versions of JIRA up to and including...
Secure Section Macro
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-23637. panel This is a suggestion to create a new Macro/Plugin that worked similar to the Column Macro with the major differenc...
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
XSS vulnerability can be exploited with the pagetree macro
Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...
Implement login using google Authentication
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate use...
DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Confluence Data Center and Server
This High severity com.thoughtworks.xstream:xstream Dependency vulnerability was introduced in versions 2.2 of Confluence Data Center and Server. This com.thoughtworks.xstream:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Successful user login events using PAT does not update last login date and are not added to the audit logs
h3. Issue Summary When users authenticate on Confluence, this information should be update last login date as well as add as new events on the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens PAT for REST API won't create a new entry on...
Third-Party Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.0.1 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation...
DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
DoS (Denial of Service) org.apache.tomcat:tomcat-catalina in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.19.1, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This DoS Dependency vulnerability only impacts Windows instances, with a CVSS Score of 7.5 and a CVSS Vector of...
RCE (Remote Code Execution) in Bamboo Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...
jackson-databind Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...
Granting the 'Browse Project Archive' permission to a 'Custom Field' within a permission scheme allows all users to see archived issues in result set
h3. Issue Summary If within a project the 'Browse Project Archive' and 'Browse Project' permissions are granted to 'Group Custom Field' or to the 'Reporter' option within the permission scheme, the project will become available to search for any user with the 'Browse Project Archive' permission i...
IDOR (Insecure direct object references) in Jira 8.13.10
We have found during testing that by sending a fake header with a domain name supplying as a suffix i.e. attack.eu into the Host header field, the web server processes the input to send the request to an attacker-controlled host that resides at the supplied domain, and not to an internal virtual...
Jira Service Management / Insight Asset Management vulnerable to RCE Security
Description Insight - Asset Management has a feature to import data from several databases DBs. One of these DBs, the H2 DB, has a native function in its library which an attacker can use to run code on the server remote code execution a.k.a. RCE. The H2 DB is bundled with Jira to help speed up...
Stored XSS on /secure/admin/AssociatedProjectsForCustomField.jspa - CVE-2021-41310
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Associated Projects feature /secure/admin/AssociatedProjectsForCustomField.jspa. The affected versions are before...
Self-xss via copying content from a PDF - CVE-2021-39111
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the handling of supplied content such a...
Username enumeration via password reset page - CVE-2021-39125
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. Affected versions:...
Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...
IDOR Disclosure of Private Project Titles - CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.7 8.6.0 ≤ version 8.9.2...
Information disclosure in API and Integrations - CVE-2020-14180
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. Affected versions:...
XSS in Navigation - Search - CVE-2020-14169
The quick search component in Atlassian Jira Server and Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. Affected versions: version 8.9.1 Fixed versions: 8.9.1 8.10.0...
XSS in Issue - Attachments - CVE-2020-4025
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability issue attachments with a rdf content type. Affected versions: version 8.5.5 8.6.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed...
Template injection in Web Resources Manager - CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remo...
Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...
CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerat...
Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was bundled in Confluence Server & Confluence Data Center before version 7.0.1, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and it's subdirectories, which may contain configuration files...
XSS in various templates of the Optimization plugin - CVE-2019-8450
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a custom...
XSS in the wikirenderer component - CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in image attribute specification...
User enumeration through the issueTable resource - CVE-2019-8446
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check...
Bitbucket sends email notifications to unlicensed users for pushed commits in a repository
h3. Issue Summary An unlicensed user will continue to receive email notifications for pushed commits for repositories that the user was watching and receiving notifications when active. h3. Steps to Reproduce User1 enables email repository email notifications to be sent immediately User1 watches...
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Crucible before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Ability to have the Websudo functionality working with SAML / SSO
h3. Problem Definition When implementing SAML either through JDC or through a vendor plugin, the net result is you have to turn off websudo because you can't get websudo and SAML to work. The effect is you can go straight into administration functions without confirmation that you should. This...
Permissions bypass in the inline-create rest resource - CVE-2018-20826
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...
Argument Injection via Mercurial hooks in Sourcetree for macOS - CVE-2018-20234
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Affected versions:...
Issue reporter and assignee user email addresses were disclosed regardless of the email visibility setting - CVE-2018-13391
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...