4295 matches found
CVE-2021-43954: File and network resource enumeration via SSRF in DefaultRepositoryAdminService
Affected versions of Atlassian Fisheye and Crucible allow remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability in the DefaultRepositoryAdminService class. When runni...
Anonymous user can view names of private projects and filters via IDOR in Workload Pie Chart Gadget - CVE-2021-41307
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References IDOR vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.1...
Replay attack via the CSRF failure retry form - CVE-2021-39124
The Cross-Site Request Forgery CSRF failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. Affected versions: version 8.16.0 Fixed...
Vulnerable version of Underscore.js used - CVE-2021-23358
Affected versions of Atlassian Jira Server and Data Center used Underscore.js 1.9.1, which was vulnerable to CVE-2021-23358|https://vulners.com/cve/CVE-2021-23358. The affected versions of Atlassian Jira Server and Data Center are before version 8.18.0. Affected versions: version 8.13.10 8.14.0 =...
Information Disclosure using JQL function membersOf - CVE-2020-36286
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly...
Denial of Service via /rest/gadget/1.0/createdVsResolved/generate endpoint - CVE-2021-39123
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0. Affected versions:...
Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...
Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Information disclosure of product SEN via the x-asen response header - CVE-2020-14192
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed versions:...
XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the committerFilter parameter. Affected versions: version 4.8.2 Fixed versions: 4.8.2 4.9.0...
Application DoS via the /rendering/wiki endpoint - CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...
CSRF in the setup resources - CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...
Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability...
Improper authorization vulnerablity in the /profile/deleteWatch.do resource- CVE-2020-4014
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability...
CSRF via Logging and Profiling feature - CVE-2019-20415
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery CSRF vulnerability. Affected versions: version 7.13.3 8.0.0 ≤ version 8.1.0 Fixed versions: 7.13.3 8.1.0...
Stored XSS via malicious file upload - CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7...
DoS in avatar upload via crafted PNG file - CVE-2019-20897
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7.1 8.8.0...
Improper authorization on support files vulnerability in Jira - CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...
Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization...
The administrative smart-commits resource was vulnerable to Cross-site request forgery (CSRF) - CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery CSRF vulnerability...
Missing authentication checks in various administrative system import resources - CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of quick filters. h3. Workaround Disable the gadget. - Navigate to Administration Add-ons Manage add-ons and se...
Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 the fixed version for 4.14.x, from version 5.0.0 before 5.0.9 the fixed version for 5.0.x, from version 5.1.0 before 5.1.8 the fixed version for 5.1.x, from version 5.2.0 before 5.2.6 the fixed...
XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the key parameter...
CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
The Atlassian Hipchat Integration Plugin for Bitbucket Server exposed the secret key it used to communicate with a linked HipChat service in various administration pages. For this vulnerability to affect your Bitbucket Server instance you must have a HipChat integration established. To exploit th...
Rest API XSS
An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14. The vulnerability is located at /rest/prototype/1/session/check/something POC URL: http:///confpath/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E This was confirmed in t...
CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI
In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image Windows Server 2012 R2 AMI contain a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access it was permitted to login through SSH on instances using the affected AMI. In the event that a...
Restricted page at the Home Page layer is shown at the sidebar page tree
h3. Problem The page which is restricted to user A only is shown on the page tree and the left sidebar when the page is at the top level of the page tree which is at the same level at the home page. This is replicable on my dev instance. Create a test space. Create Page A and make sure the locati...
XSS using WebFragmentBuilder for WebItemProvider
The label is not escaped properly when using WebFragmentBuilder to generate links for JIRA's nav dropdown. This only happens when is not present in the relevant WebSection...
Domain restricted signup is creating enabled users on ApacheDS
When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...
Inaccessible page titles leaked by Share Page API
The Share Page API exposes a REST endpoint that is available to authenticated users of Confluence. It is possible for any user to share any page simply by specifying the corresponding numeric id and the resulting notification includes the title of the shared page. In particular, a user may obtain...
Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-34389. panel Regression of JRA-4935 When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becom...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-31720. panel panel:title=Status Update|borderStyle=solid|borderColor=ff7f7f|titleBGColor=ff7f7f|bgColor=e5e5e5 Hi everyone, We have reviewed...
Encrypt Database Password in dbconfig.xml or use integrated authentication
panel:title=Atlassian Update – 5 January 2016|borderStyle=solid|borderColor=ebf2f9 | titleBGColor=ebf2f9 | bgColor=ffffff Hi everyone, Thanks for voting and commenting on this issue. While we understand the importance of this issue for our customers with strict password encryption requirements, w...
Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-25189. panel When Confluence ancestor CONFANCESTORS table gets out of sync or corrupted. Page View restriction are not inherited...
Upgrade Tomcat to latest minor version
See http://www.cvedetails.com/cve/CVE-2011-4084/. We're shipping 6.0.32 at the moment...
Upgrade Tomcat to latest minor version
See http://www.cvedetails.com/cve/CVE-2011-4084/. We're shipping 6.0.32 at the moment...
Display Last-Login-Date for the User
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-21933. panel Dear Atlassian! I don't know whether a ticket like this already exits or was solved, but I couln't find any. We would like to...
Issue security based on workflow status
I would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...
Logging event information is not HTML encoded in 500 error page
The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...
Path Traversal (Arbitrary Read/Write) org.springframework:spring-webmvc Dependency in Jira Software Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 9.12.0 Jira Software Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Reflected XSS and CSRF (Cross-Site Request Forgery) in Confluence Data Center and Server
This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 4.3 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery vulnerability, with a CVSS Score of 7.1, allows an unauthenticated attacker to execute...
Jira Software Server Template RCE via Email Templates feature
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Software Server and Data Center allow a system administrator to execute arbitrary code via a remote code execution in the...
Upgrade Confluence to latest Adopt OpenJDK versions 11.0.13
h3. Issue Summary Upgrade Confluence to latest Adopt OpenJDK versions 11.0.13...
Stored XSS on Jira Issue XML Export - CVE-2021-26082
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in XML Export. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0. Affected...
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...
Unauthenticated information leakage of temporary files and project keys - CVE-2021-26069
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/\id/ActionsAndOperations API endpoint. The affected versions are before...
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the committerFilter parameter. Affected versions: version 4.8.2 Fixed versions: 4.8.2 4.9.0...
XSS in the review resource through objectives - CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...