Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2015/03/10 3:44 p.m.28 views

Expired user in Active Directory do not stop user from cloning via SSH

User who is bind with a SSH key can still clone while their account has expired on the Active Directory. However, this user will not able to login to Stash. Another scenario on the same concept works where the user bind with the SSH key is disabled in AD and that user will not be able to clone or...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/19 2:48 p.m.28 views

Information disclosure - full path disclosure

Jira displays charts on the dashboard by writting a temporary file in Jira "tmp" folder and reading it through a page called "charts" When the filename provided to this page is not present, an error message displays the full path to the "tmp" folder, which lies in Jira directory. This is a...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/01 1:24 a.m.28 views

Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47841. panel h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Brow...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/05 7:15 a.m.28 views

Domain restricted signup is creating enabled users on ApacheDS

When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/02 3:20 p.m.28 views

prevent crashing when running out of database connections

One common total crash for Confluence is when it does run out of database connection. Any reliable web application should be able to resist to a peak in number of request and not to fully crash when this happens. This is also a security issue because it means that anyone could easily bring the...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/25 7:23 a.m.28 views

Processing malformed PNG by incoming mail handler causes OOM and blocks queue

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-38028. panel There are two problems: 1. OOM 2. Incoming email processing is blocked Looks like this is similar problem to JRA-35816, fixed in...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/17 2:18 a.m.28 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.28 views

LDAP and Active Directory credentials are stored in plain text in database

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31605. panel This information should be encrypted so that anyone with access to the database does not gain access to other syste...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/02 11:33 a.m.28 views

Jira is logging SOAP body in default config - passwords included

In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/10 12:59 p.m.28 views

"Contact Administrators" Process Doesn't Exclude Disabled Administrators

h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/09 4:40 a.m.28 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/05 4:10 a.m.28 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/07/23 11:42 p.m.28 views

Restricted Work Log entries show in the Activity Stream in JIRA Server

h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/10 7:18 a.m.28 views

Webwork 2 code injection vulnerability

We have discovered a vulnerability in WebWork 2, which is a part of the Struts web framework. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. In case of Fisheye, the attacker needs to be able to access...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2013/06/20 2:9 p.m.28 views

Disallow multiple sessions for an account

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33586. panel It is currently possible to run several sessions under any account. Some customers prefer to restrict the number of sessions to...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.28 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/06 12:10 p.m.28 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/15 3:23 a.m.28 views

Default application files available for download via the application server.

see: https://jira.atlassian.com/browse/JRA-31187 e.g. https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/ and https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/web.xml . FishEye shouldn't write any user data to the WEB-INF directory. The only files which are viewable there, should be the sam...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2012/11/20 1:56 a.m.28 views

Webwork direct method invocation can bypass validatingStack through Action aliases

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-27294. panel WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/24 12:58 a.m.28 views

Persistent XSS in JIRA charting plugin Workload Pie Chart Report

The Workload Pie Chart Report included with the JIRA charting plugin contains a number of XSS vulnerabilities. This plugin is bundled with OnDemand. The configuration page contains an XSS vulnerability in custom field names. 1. Create a custom field with the name alert'custom field' 2. Try to...

6.3AI score
Exploits0
Atlassian
Atlassian
added 2012/10/15 12:39 a.m.28 views

Arbitrary resource file download in urlrewrite.xml

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-26888. panel There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2012/04/04 6:36 a.m.28 views

/secure/admin/jira/AcknowledgeTask.jspa is an open redirect

The AcknowledgeTask.jspa page found under http://$HOST/secure/admin/jira/AcknowledgeTask.jspa can be used to redirect users to another page on the internet and possibly used to create a non-persistent xss flaw. Here is an example url which will direct a user to http://google.com...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/10/19 5:42 p.m.28 views

Secure Section Macro

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-23637. panel This is a suggestion to create a new Macro/Plugin that worked similar to the Column Macro with the major difference...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/07/01 10:40 a.m.28 views

Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header

We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This posts shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it just as secure since web sudo is really design to stop som...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/04/28 4:55 a.m.28 views

XSS vulnerability in login.action

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence login action. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/04/26 9:8 a.m.28 views

"Forgot Password" feature should not reveal that a given username exists within Confluence for security reason

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-22388. panel It is possible to see which user exists on Confluence or not from within "Forgot Password" link. This is bad for...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/02/15 12:5 p.m.28 views

Ability to perform a bulk random password reset for users per project

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-23703. panel Would like to have the ability to perform a bulk password reset on user accounts for any particular JIRA project. Have recently...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/12/03 3:34 a.m.28 views

XSS vulnerability in Create Space Button macro

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence create-space-button macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/11/23 3:38 a.m.28 views

Increase the web session timeout from 60 minutes to 300 minutes

Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/09/03 7:23 a.m.28 views

XSS vulnerability in Confluence Space Names

We have identified and fixed a cross-site scripting XSS vulnerability in Confluence Space Names. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An attacker's te...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/07/28 4:42 p.m.28 views

NullPointerException when there are no cookies and AccessLogRequestInfo is enabled

When using the filter-list and project-list plugins I ran into an issue where NullPointerExceptions were being thrown. I turned out the issue is in AccessLogRequestInfo when the Cookie header doesn't exists. The line that causes the exception is a log.debug line. I am including a patch that check...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 4:22 a.m.28 views

Require user to answer CAPTCHA after three failed attempts

Require user to answer CAPTCHA after three failed attempts. For SOAP and XMLRPC this means that the user will have to open a browser to answer the CAPTCHA, similar to how google does it. This issue has been rated MODERATE. Please refer to http://confluence.atlassian.com/x/ZILmD for details on oth...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 1:19 a.m.28 views

Mail support request accepts any e-mail address

The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.28 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/01/13 10:17 a.m.28 views

Include XSS security warning on HTML macro description in Wiki Markup Renderer

Include XSS security warning on HTML macro description in Wiki Markup Renderer. Derived from JRA-19802...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/12/24 12:36 a.m.28 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/10/09 1:2 a.m.28 views

Links from indexbrowser.jsp are vulnerable to XSS attacks

CONF-16888 has introduced or re-introduced an XSS vulnerability. To reproduce: Create a new user, and for the Full Name use: noformatalert'Vulnerable'noformat Go to ../admin/indexbrowser.jsp and find the entry Click on the entry, and the script is executed. This also happens for other content typ...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/09/07 12:12 a.m.28 views

Logout is not working on QA-EAC

Select 'Log Out' from the user menu. Note that you haven't been logged out...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/10 3:15 a.m.28 views

Update of jcaptcha

Update version of jcaptcha that we use...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/07 3:37 p.m.28 views

EPIC FAIL: new user signups result in plain text email with all login details

After signing up to a JIRA instance, I got an email which simply amazed me - it contained: My username My email address My full name My password It was all there, right before me, in a plain-text unencrypted email sent across a public network. WTF?! I'm not sure which universe that's considered a...

Exploits0
Atlassian
Atlassian
added 2009/05/20 6:5 p.m.28 views

CSRF attack message thrown when JSESSIONID is changed

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-15779. panel Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may...

Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.28 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/18 8:8 p.m.28 views

Issue security based on workflow status

I would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/12 1:0 a.m.28 views

Password is being logged for 500 errors

The user passwords are being exposed in the log files when a 500 error happens. The following Jira solved the problem for the information displayed in the user Browser: http://jira.atlassian.com/browse/CONF-12360...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/04 3:15 p.m.28 views

Email notifications for jiraissues macro reflect page owner permissions rather than permissions of notified user...

When a notification is sent out for a page that includes the \jiraissues\ macro, the list of issues is based on the page owner's permissions rather than the notified user's permissions. Here are the steps to reproduce: Set up the trust relationship between your JIRA and Confluence installs Create...

1AI score
Exploits0
Atlassian
Atlassian
added 2008/11/07 6:43 p.m.28 views

Boolean operators on user and group management

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-13634. panel Please consider this as a feature request for a future release of Confluence. Boolean operands on Space permission...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/08/25 10:28 a.m.28 views

Hidden pages' content can be viewed without permission using copypage.action

If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. EG: Two spaces A and B Page with id 1 is in Space A User cannot see Space A User can see Space B The following URL will allo...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/03/17 5:0 a.m.28 views

XSS vulnerability in pagepicker.action and spacepagepicker.action

The following URL's are vulnerable: - /users/pagepicker.action - /users/spacepagepicker.action on formname, fieldname and currentspace panel:bgColor=99ff99 h4. Patch instructions for 2.6.x and 2.7.x 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2008/03/10 4:58 a.m.28 views

XSS vulnerability in signup actions

Vulnerable URL's: - signup.action - dosignup.action on username, email, password, confirm, fullname...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/02/01 12:29 p.m.28 views

Project name that contains double-quote is not properly escaped on Issue Navigator page

If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...

1.6AI score
Exploits0
Total number of security vulnerabilities4295