4295 matches found
Spring Framework Vulnerability - CVE-2020-5398
h3. Issue Summary Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan. h3. Description Plugin: Spring Framework 5.0.x 5.0.16 / 5.1.x 5.1.13 / 5.2.x 5.2.3 Spring...
Filter Subscription emails should not be sent to deactivated users.
h3. Summary Email Filter Subscriptions are still sent after an user is marked as deactivated. h3. Steps to Reproduce Create a user belonging to jira-users group Deactivate the user Create a filter and subscribed to jira-users group Filter used: issuekey in issueHistory ORDER BY lastViewed DESC...
Upgrade Tomcat to version 8.5.75 - CVE-2020-9484/CVE-2022-23181
The latest version of Tomcat bundled in Jira 8.21 is 8.5.72. Vulnerability is referenced in the fixedinapachetomcat8.5.75security-8 advisory. panel CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is...
Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117. panel If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...
XSS vulnerability in FishEye/Crucible dashboard - review activity
We have identified and fixed a cross-site scripting XSS vulnerability in the FishEye/Crucible dashboard - review activity.. Affected versions are FishEye/Crucible 2.2.8 to 2.5.2 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page...
XSS vulnerability in FishEye/Crucible dashboard - review activity
We have identified and fixed a cross-site scripting XSS vulnerability in the FishEye/Crucible dashboard - review activity.. Affected versions are FishEye/Crucible 2.2.8 to 2.5.2 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page...
Problem when signing up for new user Account from login page
I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroupsUser.java:94 at...
IDOR View Private Unrelease and Release Titles
h3. Reported by bug bounty|https://tracker.bugcrowd.com/atlassian/submissions/73229d116b86b26d234a76ba428a5d02a68cfa716a7ce8b3912ad67c3c653932 h3. Issue Summary A non-admin is able to view the "release version" page but not make a release. h3. Steps to Reproduce Open two browsers and login as adm...
Apache Tomcat CVE-2023-28709
h3. Issue summary Apache Tomcat should be upgraded to 9.0.74 or a later version to fix CVE-2023-28709|https://nvd.nist.gov/vuln/detail/CVE-2023-28709 h3. Environment Bitbucket 8.10.x and 8.11 h3. Steps to Reproduce Check the Apache Tomcat version on pom.xml h3. Expected Results Bitbucket 8.10 and...
Update ActiveMQ to fix CVE-2023-46604
h3. Issue Summary Bamboo relies on ActiveMQ libraries version /atlassian-bamboo/WEB-INF/lib: noformat $ ls -al /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib ls | grep activemq- activemq-broker-5.18.2.jar activemq-client-5.18.2.jar activemq-http-5.18.2.jar activemq-jms-pool-5.18.2.jar...
Upgrade Tomcat to the version 8.5.29
Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat8.5.9. Customer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat...
Upgrade Bouncy Castle to fix multiple CVEs
h3. Issue Summary Jira uses Bouncy Castle library in version 1.50 that's vulnerable to 10 CVEs: https://www.cvedetails.com/cve/CVE-2015-7940/ https://www.cvedetails.com/cve/CVE-2016-1000338/ https://www.cvedetails.com/cve/CVE-2016-1000339/ https://www.cvedetails.com/cve/CVE-2016-1000341/...
Upgrade Tomcat to the latest 8.0.x release
h3. Summary We are currently on 8.0.17 and have already been bitten by a bug in it: https://bz.apache.org/bugzilla/showbug.cgi?id=57476 We should upgrade to the latest to get the latest bugfixes. Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager...
User are receiving mobile notifications of restricted Jira comments that they cannot view when accessing Jira through a browser
Hi Jira Server mobile app beta users, We recently discovered a bug where Jira Server mobile app users receive all comment notifications from Jira issues they’re watching or assigned to, even if the comment had been restricted to exclude them. This means they’ll be able to view the content of...
Insufficient Session Expiration of user sessions - CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability...
Update Tomcat Native DLL in JIRA Installer
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-38927. panel quote 7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships...
Vulnerable version of xmlsec used - CVE-2021-40690
Affected versions of Atlassian Jira Server and Data Center used versions of xmlsec that were vulnerable to CVE-2021-40690. Affected versions: version 8.22.2 Workaround: version 8.22.2 LTS versions 8.13 and versions up to 8.20.14 should also apply this workaround. This is permanently fixed in...
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. This vulnerability was...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
XSS Vulnerability in jira.issueviews:searchrequest-xml
The endpoint /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/|https://jira.uberinternal.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/-- is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and...
Update bundled Apache Tomcat due to security vulnerabilities
Apache has released the Apache Software Foundation Releases Security Updates: https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates There are a few vulnerabilities reported: CVE-2017-5648 -...
Attachment name leakage from restricted space
h3. Issue Summary Hello, This issue was discovered through our bugbounty program and has been verified: User can view attachment names in a restricted space by accessing the following endpoint: noformat http://host/rest/previews/templinksresource/attachmenturl?attachmentId=id noformat h3...
XSS vulnerability in FishEye/Crucible Reviews List
We have identified and fixed a cross-site scripting XSS vulnerability in the FishEye/Crucible reviews list. Affected versions are FishEye/Crucible 2.2.8 to 2.5.2 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read...
Upgrade Tomcat to fix CVE-2023-46589
h3. Issue Summary This is reproducible on Data Center: / Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a later version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589. h3. Environment From Confluence 6.10.0, which comes with Apache 9.0.8, up to Confluence...
Warn about assigning "Anyone" group in Global and Project permissions
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-18076. panel Assigning anyone to global permissions such as a "Browse user" is a sure way to shoot yourself in the foot inadvertently. We mak...
Confluence Server Webwork OGNL injection - CVE-2021-26084
This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately. An OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The CVE ID is CVE-2021-26084. h4...
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
Crowd was using jQuery version 1.8.3, which is affected by CVE-2020-11023 & CVE-2020-11022. Affected Version/s: 4.0.3, 4.1.1 Fixed Version/s: 4.1.2, 4.0.4, 4.2.0...
SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...
Denial of service in issue searching through Epic Name ordering - CVE-2019-11583
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name"...
Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104
Log4J version 1.2.17-atlassian-3 used in Fisheye and Crucible is vulnerable to CVE-2021-4104. The JMSAppender in Log4J 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4J configuration. Note this issue only affects Log4J 1.2 when specifically...
Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the href parameter...
Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
Upgrade tinyMCE to >= 7.0.0 to mitigate CVE-2024-29881/29203
h3. Issue Summary The current tinyMCE version used on the latest version of Jira is 5.10.9. There are two outstanding CVEs between the delta of 5.10.9 to 7.0.0 that don't seem to be backported yet: CVE-2024-29881 Detail - NVD|https://nvd.nist.gov/vuln/detail/CVE-2024-29881 CVE-2024-29203 Detail -...
Stored XSS via malicious file upload - CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7...
The jQuery version used in JIRA needs to be updated
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-43422. panel Actually the jQuery version used in JIRA is still using the function jQuery.browser which is deprecated and has been removed...
XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...
Update Tomcat to 8.5.34 to avoid CVE-2018-11784
h4. Open redirect in default servlet CVE-2018-11784|https://access.redhat.com/security/cve/cve-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user...
Crowd - pdkinstall development plugin incorrectly enabled - CVE-2019-11580
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...
The jQuery version used in JIRA needs to be updated
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-43422. panel Actually the jQuery version used in JIRA is still using the function jQuery.browser which is deprecated and has been removed sin...
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
Affected versions of Atlassian Jira Server and Data Center used versions of the PostgresSQL JDBC driver that were vulnerable to CVE-2022-21724. The affected versions of Atlassian Jira Server and Data Center are before version 8.22.2. Affected versions: version 8.22.2 Fixed versions: 8.22.2 and...
XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
The version of the Application Links plugin used in Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details...
JIRA puts a user's XSRF token in various resources.
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-61250. panel h5.Steps to Reproduce: Log into JIRA Log out from JIRA h5.Expected Results: The URL shown in the address bar does not show the...
Embedded 7z vulnerable with a cvs score of 10
The embedded 7zip version is vulnerable. Please update...
Update Tomcat to version 8.5.75 to address CVE-2020-9484/CVE-2022-23181
h3. Issue Summary Update Tomcat to version 8.5.75 to address CVE-2020-9484/CVE-2022-23181. More information can be found here: https://nvd.nist.gov/vuln/detail/CVE-2022-23181 Taken from the page above: quote h3. CVE-2022-23181 Detail Current Description The fix for bug CVE-2020-9484 introduced a...
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
h3. Summary Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. h3. Affected versions: version 8.5.8 8.6....
Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...
Upgrade Tomcat to fix CVE-2023-28709
h3. Issue summary Apache Tomcat should be upgraded to 8.5.88 and 9.0.74 or a later version to fix CVE-2023-28709|https://nvd.nist.gov/vuln/detail/CVE-2023-28709 h3. Environment Bamboo 8, 9 h3. Steps to Reproduce Check the Apache Tomcat version on pom.xml or /bin/version.sh/bat h3. Expected Result...
DoS (Denial of Service) in Crowd Data Center and Crowd Server - CVE-2022-29885
h2. Summary of Vulnerability This critical severity DoS Denial of Service vulnerability known as CVE-2022-29885 was introduced in version 4.0.0 of Crowd Data Center and Crowd Server. h2. Affected Versions ||Product||Affected Versions|| |Crowd Data Center Crowd Server|- 4.0.0 - 5.0.0| h2. Fixed...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...