4295 matches found
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...
Cross-Site Scripting in subscribetocalendar.action
The contents of the 'subCalendarId' parameter is not validated in POST requests to 'subscribetocalendar.action' and is susceptible to cross-site scripting. Steps to Reproduce: Start a proxy tool such as Burp Suite. Log into a Confluence instance with Team Calendars installed. Use the proxy tool t...
Remote DoS Exploit on JIRA
An attacker is able to perform the billion laughs attack on a default JIRA installation including OnDemand installations. This attack can be executed without authentication and leads to the complete use of resources on the victim machine causing the server to crash or hang. It is possible due to...
/rest/menu/1.0/appswitcher displays data unauthenticated
"Calling" this function returns data without any authentication required: noformat curl https://support.atlassian.com/rest/menu/latest/appswitcher | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 787 0 787 0 0 531 0...
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...
View Content Permission Set not Complete.
The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permisisons have been attached to a Page. 1 Create a new page 2 Assign a View restriction for 1 group 3 Assign View...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-31720. panel panel:title=Status Update|borderStyle=solid|borderColor=ff7f7f|titleBGColor=ff7f7f|bgColor=e5e5e5 Hi everyone, We have reviewed...
Encrypt Database Password in dbconfig.xml or use integrated authentication
panel:title=Atlassian Update – 5 January 2016|borderStyle=solid|borderColor=ebf2f9 | titleBGColor=ebf2f9 | bgColor=ffffff Hi everyone, Thanks for voting and commenting on this issue. While we understand the importance of this issue for our customers with strict password encryption requirements, w...
Comment field on GH cards do not respect the comment visibility.
If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...
Logging event information is not HTML encoded in 500 error page
The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...
Obscure email addresses in Confluence Mail
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-2677. panel Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email...
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center and Server
This High severity net.minidev:json-smart Dependency vulnerability was introduced in versions 5.12.4, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. This net.minidev:json-smart Dependency vulnerability,...
com.hazelcast:hazelcast Dependency in Bitbucket Data Center and Server
This High severity com.hazelcast:hazelcast Dependency vulnerability was introduced in versions 7.21.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server. This com.hazelcast:hazelcas...
org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server. This org.springframework:spring-webmvc Dependency...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Jira Service Management Data Center and Server
This High severity com.nimbusds:nimbus-jose-jwt Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, 5.12.0, 5.13.0 and 5.14.0 of Jira Service Management Data Center and Server. This com.nimbusds:nimbus-jose-jwt...
RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows
This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...
BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center
This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 7.11 of Confluence Data Center. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to exploit a cryptographic...
DoS (Denial of Service) org.apache.cxf:cxf-rt-rs-security-jose Dependency in Bitbucket Data Center and Server
This High severity org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability was introduced in versions 8.9.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server. This org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
Reset password function leaks information that can be used to harvest accounts
h3. Issue Summary When hitting the resetuserpassword.action URL directly with a username value, it's possible to identify valid users through the responses given by Confluence. The response for a valid user differs from the response for an invalid user. This is an issue as a malicious entity can...
Jira Align - Improper Authorization in MasterUserEdit API - CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission can use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. Affected versions: versi...
Upgrade Confluence to latest Adopt OpenJDK versions 11.0.13
h3. Issue Summary Upgrade Confluence to latest Adopt OpenJDK versions 11.0.13...
Local File Dislocusure to Browse All Files in /atlassian-bamboo
This vulnerability affects certain versions of Atlassian Bamboo. Attacker can craft URL to browse all files inside /atlassian-bamboo at Bamboo installation folder, which includes files at WEB-INF folder...
Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...
Custom field options are exposed via an unauthenticated REST API endpoint - CVE-2020-36237
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Affected versions: version...
Project enumeration via Jira Projects plugin report page - CVE-2020-29451
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version...
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
SEN disclosure via HTTP Response headers - CVE-2020-14183
Affected versions of Jira Server & Data Center allow a remote attacker with limited non-admin privileges to view a Jira instance's Support Entitlement Number SEN via an Information Disclosure vulnerability in the HTTP Response headers. Affected versions: version 7.13.18 8.0.0 ≤ version 8.5.9 8.6....
XSS in API and Integrations - CVE-2020-14166
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in API and Integrations. Affected versions: version 4.10.0 Fixed versions: 4.10.0...
Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...
XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the committerFilter parameter. Affected versions: version 4.8.2 Fixed versions: 4.8.2 4.9.0...
XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the committerFilter parameter. Affected versions: version 4.8.2 Fixed versions: 4.8.2 4.9.0...
XSS in the review resource through objectives - CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...
Information Disclosure in comment restriction feature - CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. Affected versions: version 7.6.17 7.7.0 ≤ version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.6.17...
Improper authentication on Convert Sub-Task to Issue page - CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names Project Key, if it is part of the workflow name Issue Keys Issue Types Status...
Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...
XXE in OpenID client application - CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...
CDN caching can lead to leak of user information - CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...
Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...
Argument Injection via Mercurial hooks in Sourcetree for macOS - CVE-2018-20234
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Affected versions:...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
Confluence error pages should remove stack trace from being output to the UI
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. panel h3. Problem Definition The Confluence error page typically displays "Oops - an error has occurred", it displays System error, the cause, then the stack trace that deals with that error. This is not desirable for all...
The bundled Atlassian Application Links plugin had various XSS issues - CVE-2018-5227
Application Links needs to be updated see https://ecosystem.atlassian.net/browse/APL-1356. The affected versions of Application Links is/are before version 5.4.4...
Content spoofing in the attachment resource in the Firefox browser - CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml...
Authentication fails on UI pull, works in command line.
My password recently changed. I have updated my credentials in the authentication preferences in SourceTree, however UI pulls always fail due to an authentication error, even though my credentials are correct. If I run the exact same command in the terminal, the pull is successful...
Add possibility to disable public access to JIRA
As an Administrator I would like to be able to disable public access to JIRA, so the users will have to login before they can browse projects, search issues or navigate to system dashboard. Workaround: In JIRA 7.2.10 the possibility to disable public access for anonymous users was added, however ...
Comments from retricted blog post visible for unrestricted user
h5. Summary All comments made before the post restriction changed to "Viewing and editing restricted" will be available to all user in all updates. This is only happening for blog post, and page restriction working as expected. Tested in version 5.9.1customer's version and 6.1.3, same behavious c...