4295 matches found
logout.action is not protected against XSRF - CVE-2012-6342
Cross-site request forgery CSRF vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...
XSS vulnerability in Pagetree macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence pagetree macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...
JIRA is vulnerable to clickjacking attacks
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-21101. panel A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of a...
Allow issue security level to use any custom field that implements UserCFNotificationTypeAware
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-18099. panel It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you h...
XSS vulnerability can be exploited on the WebDAV Configuration page
Steps: Go to WebDAV Configuration Enter 'alert"XSS"' Click on 'Add new regex' button The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button. This can be done by users in the confluence-admin group, so it could be used by them to gain access to...
Remember my password with LDAP
At the login screen, when we click on 'Remember my login on this computer' and login, everything works well. When we close the browser without logout, the login should be remember on this computer. When we try to get back into Jira, here's the bug that we have into our log file. 2008-04-22...
Project name that contains double-quote is not properly escaped on Issue Navigator page
If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...
Implement user lockout mechanism to stop bruteforce login attacks
Hacker can try as many time he wants to login JIRA. You can build client, which sends username+password combinations as many time as you like. .. and if you have username, it is much easier to get in. ---- Implementation ideas: 1 Lock user after sequential X incorrect logins - X can be set by...
XSS bug: usernames not HTML-encoded in all places
When signing up for an account, it is possible to enter a username like "fred". Confluence will accept this, and on certain pages, render it as raw HTML to the user, opening the possibility of cross-site scripting XSS attacks. Two places I've spotted the raw HTML so far: - Most prominently, when ...
When deleting an Issue Security Level issues need to be re-indexed
Create 1 security levels Put some issues into it Delete the level hence removing any security level from the issues You will not be able to find the issues any more - need to re-index...
should be able to login only via https
you should be able to configure JIRA to login via HTTPS. this is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. this makes loing links from e.g. the issue view page work correctly. a slight problem here is that the session remiains in the...
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in version 5.12.0 of Jira Service Management Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.7, allows an attacker to access local and remote content. Atlassian...
RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Crowd Data Center and Server
This Critical severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 5.2.0, 5.3.0, 6.0.0, 6.1.0 and 6.2.0 of Crowd Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 9.8 and a CVSS Vector of...
IDOR (Insecure Direct Object Reference) org.springframework:spring-webmvc Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) in Bitbucket Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 8.19.0, and 9.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to cause a resource to be unavailable for its intended users ...
org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.14 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Bamboo Data Center and Server
This High severity com.nimbusds:nimbus-jose-jwt Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This com.nimbusds:nimbus-jose-jwt Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) apache-struts in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows
This High severity RCE Remote Code Execution vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an...
Information disclosure via Synchrony service
Affected versions of Atlassian Confluence Server allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the Synchrony service. This vulnerability was discovered by Rojan Rijal of Tinder Security Engineering. The affected versions are before version...
"Fatal: unsafe repository" error when using Git 2.35.2 or newer
h3. Issue Summary When Fisheye is installed on Windows with Git 2.35.2 or newer versions, new commits and branches in Git are not visible in Fisheye. This issue occurs due to a security update in Git|https://github.blog/2022-04-12-git-security-vulnerability-announced/, as detailed in Error "fatal...
REST API falsely updates Project Category without necessary permissions
panel:bgColor=e7f4fa NOTE: This is for JIRA Server and JIRA Data Center . panel h3. Issue Summary A User with Project Administrator permissions is able to update the Project Category via REST API. But in the Jira UI only a Jira Administrator is allowed to update the Project Category. h3. Steps to...
Bitbucket displays sensitive DB details in error message in browser
h3. Issue Summary On application startup, if the database is down the Bitbucket application displays the sensitive database hostname & port details in the error message in browser. Error Message: noformat The database, as currently configured, is not accessible. Connection to : refused. Check tha...
Tomcat should not disclose its own version to unauthenticated users
h3. Problem Definition When accessing URLs that aren't under the application context and are not defined in Tomcat, Tomcat returns a 404 along with its own version. h4. +Steps to reproduce problem+ In a Jira instance with a context called jira for instance, browse http:///nonexistenturi. Make sur...
User Enumeration via /rest/api/1.0/render endpoint - CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. Affected versions: version 8.19.0 Fixed...
7.13: Upgrade Confluence to latest Adopt OpenJDK versions 11.0.12
This issue includes running tests against JDK 11 latest11.0.127 and also bundling this JDK in installer...
Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...
Jira bundles a vulnerable version of atlassian-gadgets - CVE-2020-36232
The atlassian-gadgets plugin used in affected versions of Atlassian Jira Server and Data Center allows unexpected DNS lookups and requests to malicious servers via server side request forgery vulnerability. The affected versions are before version 8.5.10, from version 8.6.0 before version 8.13.2,...
Project enumeration through /browse.PROJECTKEY - CVE-2020-14178
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Affected versions: version 7.13.17 7.14.0 ≤ version 8.5.8 8.6.0 ≤ version 8.12.0 Fixed versions: 7.13.17 8.5....
MITM in Repository Import - CVE-2020-14171
Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via Man-in-the-Middle MITM attack. Affected versions: 4.9.0 = version 7.2.4 Fixed versions: 7.2.4 7.3.0...
Man-in-the-middle in Jira email client - CVE-2020-14168
The email client in Jira Server and Data Center allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle MITM vulnerability Affected versions: version 7.13.14 8.5.0 ≤ version 8.5.5 8.8.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed version...
Information disclosure in System Administration - Global Permissions - CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...
XSS in XML export view - CVE-2020-4021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the XML export view. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.5 8.6.0 ≤ version 8.8.1 Fixed versions: 7.13.16 8.5....
Confluence Server and Data Center - Atlassian Companion Man-in-the-Middle - CVE-2019-15006
h3. Issue Summary There was a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence...
Improper authorization vulnerability in the /json/profile/removeStarAjax.do resource - CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability...
The ViewSystemInfo class doGarbageCollection method was vulnerable to CSRF - CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery CSRF vulnerability...
Open redirect in the ChangeSharedFilterOwner resource - CVE-2019-11589
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery CSRF token, via a open redirect...
Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust
h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...
XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...
XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
The version of the Application Links plugin used in Jira before version 7.13.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details...
XSS in the labels widget gadget - CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the rendering of retrieved content from a url location that could be...
The administrative smart-commits resource was vulnerable to Cross-site request forgery (CSRF) - CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery CSRF vulnerability...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
XSS in the Trello board importer resource - CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the title of a Trell...
Remote Code Execution via in Browser Editing - CVE-2018-5225
An authenticated user of Bitbucket Server could gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. Affected versions: All versions of Bitbucket Server before 5.4.8 the fixed version for 4.13.0 through to 5.4.7, 5.5.0 before 5.5.8 the...
XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the contents of an uploaded file...
Various Cross-site request forgery(CSRF) vulnerabilities in the Jira-importers-plugin - CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery CSRF vulnerabilities...
Cross-site request forgery(CSRF) in the IncomingMailServers resource - CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery CSRF vulnerability...
Request Participants beside Reporter can remove other participants.
h3. Summary: Apparently, participants of a request have a control to whom the request is "Shared" with even though it is not the Reporter. Hence, they can actually remove themselves from the Request and unable to view it after that. Also, they can remove other parties from the request as well. h3...
XSS in /includes/decorators/global-translations.jsp
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61888. panel Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to...