4295 matches found
XSS vulnerability in signup actions
Vulnerable URL's: - signup.action - dosignup.action on username, email, password, confirm, fullname...
Project name that contains double-quote is not properly escaped on Issue Navigator page
If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...
DWR debug mode is enabled
This gives a potential attacker lots of information about available AJAX request handlers in Confluence...
Support nested groups
panel:title=Resolved in Confluence 3.5|borderStyle=solid|borderColor=3C78B5|titleBGColor=3C78B5|bgColor=E7F4FA We are pleased to advise that support for nested groups is available in Confluence 3.5. You can find instructions on how to configure nested groups in our documentation: Configuring User...
Login errors in 1.3
When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...
File Inclusion in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in version 11.3.3 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N allows an unauthenticated attacker to get...
Injection in Confluence Data Center
This High severity Injection vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Bamboo Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows ...
RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38999
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, and 10.6.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 5.2.4 and 5.3.0 of Crowd Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...
DoS (Denial of Service) braces Dependency in Confluence Data Center
This High severity braces Dependency vulnerability was introduced in versions 7.11 of Confluence Data Center. This braces Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to...
DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center
This High severity decode-uri-component Dependency vulnerability was introduced in version 7.0.1 of Confluence Data Center. This decode-uri-component Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 3.7.0 of Confluence Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Bitbucket Datacenter REST API allows non-admin users to query all groups and members of the group
h3. Issue Summary Non-admin users any licensed user can query all the groups and members of the groups using the below API Groups API|https://developer.atlassian.com/server/bitbucket/rest/v819/api-group-permission-management/api-api-latest-admin-groups-get Group memberships...
Smart commit action do not respect user permission for Comment actions
h3. Summary When executing a smart commit for adding a comment as per Processing issues with Smart Commits|https://confluence.atlassian.com/jirasoftwareserver0904/processing-issues-with-smart-commits-1188765783.html, it is not failing even if the user does not have permission for the requested...
Confluence System error page is displaying environment details.
h3. Issue Summary Confluence System error page is displaying environment details. This has been fixed as per https://jira.atlassian.com/browse/CONFSERVER-55306 but the issue still persists. This is reproducible on Data Center: yes h3. Steps to Reproduce Create a Confluence instance with version...
Plan managed by specs allows to modify artifact dependencies with UI
h3. Issue Summary RSS-managed plan should be in View mode for every tab and page. h3. Steps to Reproduce Create plan managed by RSS with artifact subscription settings Open Plan config page and visit artifacts tab of job Click Edit or Delete button of artifact subscription item h3. Expected Resul...
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...
Sending multiple concurrent file upload requests will permanently break a review - CVE-2020-29447
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. Affected...
SQL Injection in Jira Software Server [Integration for HipChat]
Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin. Affected versions: versions 8.14.0 Fixed versions: 8.14.0 The plugin is no longer installed in new versions of Jira. However, the removal of the plugi...
Information disclosure of repository HTTP password in logs - CVE-2017-18112
Affected versions of Atlassian FishEye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. Affected versions: version 4.8.3 Fixed versions: 4.8.3 4.9.0...
Improve error handling in commits page and REST endpoint
Adding a trail "%27" at the commits page URL in Bitbucket causes the application to output the error below. !screenshot-1.png|thumbnail! This error is improper error handling as it shows the path to the git executable in the server as well as it exceeds the limits of the error page and does not...
Denial of service in Dashboard & Gadgets - CVE-2020-14167
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in Dashboard & Gadgets. Affected versions: version 7.13.14 8.5.0 ≤ version 8.5.5 8.8.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed...
Improper Authorization in Applinks - CVE-2019-20105
The Application links plugin used in Atlassian Confluence Server and Data Center before version 6.13.11, and from version 6.14.0 before version 7.3.3 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an improper authorization check. See...
Unable to secure remote agents via automatic keystore management
h3. Issue Summary It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. h3. Steps to Reproduce Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Open redirect in the XsrfErrorAction resource - CVE-2018-13401
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0...
Vulnerable javascript library: jQuery
Good morning. It has been brought to my attention that jQuery library has a vulnerability. In jQuery version before 1.9.0b1 selector interpreted as HTML. This could lead to potential vulnerabilities https://bugs.jquery.com/ticket/11290. Solution: jQuery version 1.9.0b1 has been released to addres...
Various resources included the current remote directory password in their responses - CVE-2016-10740
Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...
REST endpoint user impersonation using authentication module functionality - CVE-2017-16858
The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...
Repo password on display for the world to see.
I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...
Bitdefender reported virus in Git LFS plugin
!Capture1.PNG!...
REST API attachment request still works with wrong/expired cookie
h3. Summary If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code. h3. Environment JIRA v1000.892.2 h3. Steps to Reproduce Use Cookie Based Authentication using a wrong/expired cookie Perform a RE...
XSS Vulnerability in wiki markup
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-51825. panel Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various...
Lucene query checks plan permission against random plan
h1. Summary Bamboo runs permission validation against random plan when execute report h1. Details When execute report generator Bamboo checks if user has READ permission to plan. Sometimes it checks it against another plan User mode Create 2 plans Plan1 and Plan2 in same project. And execute them...
Shell Injection in SourceTree for Mac
SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 prior to 2.3.1 the fixed version. By visiting a malicious website or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed an attacker could use a shell injection...
The Confluence Login page should not gives details of build version to unauthenticated users
The login page discloses detailed version information of the application to unauthenticated users. !screenshot-1.png|thumbnail! This information facilitates finding vulnerabilities for possible attackers suggestion: Remove the build number completely in the login page...
JSON export doesn't differentiate public from internal comments
h4. +Summary+ Currently, when exporting a SD request to JSON format, it's not possible to tell which comment is internal or public from the JSON file. h4. +Steps to reproduce+ Go to Manage add-ons - All add-ons - jira-importers-plugin - Enable JSON export Create an SD request and add one internal...
Bad performance noticed on issues with long history
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-45903. panel Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no...
xss by swf file
In confluence comment module user can embed swf file in their comment, confluence are using a atltoken parameter on GET HTTP request, if the attacker send the link of .swf file the value of src on embed tag to his victim the malicious .SWF won't execute on the victim's browser . We can bypass thi...
"JIRA Project Releases" event should respect Project's permissions
Adding "JIRA Project Releases" event type to the Team calendar seems to NOT respect permissions from the project. It means even people that have no access to some project will see the release dates from the forbidden project. Expected behavior: Users should see only "JIRA Project Releases" from...
JIRA HTTP Dump Recorded Credential information As Text
Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log , the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...
Bundled Java Version Security Patches
At the moment, the bundled JAVA is version 1.7.015. The recent JAVA version is 1.7.72, which has many security patches http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html. Does the security vulnerabilities on bundled JAVA JRE something that we should be concerned about?...
Expired user in Active Directory do not stop user from cloning via SSH
User who is bind with a SSH key can still clone while their account has expired on the Active Directory. However, this user will not able to login to Stash. Another scenario on the same concept works where the user bind with the SSH key is disabled in AD and that user will not be able to clone or...
User receiving notification from a restricted space
h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...
Crowd gives more admin permissions than is apparent
When a crowd application has multiple directories added to it, and a group which is authorised to log into Crowd, all directories with that group are allowed to log in to crowd. However, the UI makes it seem as though only a group in the chosen directory is allowed to log in. Steps to reproduce:...
Specify logging level to Prevent Root DEBUG from Exposing Login
h3. Summary Setting root level DEBUG can expose login information username/pw when JIRA is connected to Crowd for user management, as it outputs the REST POST contents that are transmitted through the HttpClient. h3. Environment Crowd integrated with JIRA for user management. h3. Steps to Reprodu...
Domain restricted signup is creating enabled users on ApacheDS
When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...