Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2020/06/18 2:44 a.m.27 views

Denial of service in Dashboard & Gadgets - CVE-2020-14167

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in Dashboard & Gadgets. Affected versions: version 7.13.14 8.5.0 ≤ version 8.5.5 8.8.0 ≤ version 8.8.2 8.9.0 ≤ version 8.9.1 Fixed...

7.5CVSS6.2AI score0.02129EPSS
Exploits0
Atlassian
Atlassian
added 2020/03/17 3:45 a.m.27 views

Improper Authorization in Applinks - CVE-2019-20105

The Application links plugin used in Atlassian Confluence Server and Data Center before version 6.13.11, and from version 6.14.0 before version 7.3.3 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an improper authorization check. See...

4.9CVSS5.2AI score0.01487EPSS
Exploits0
Atlassian
Atlassian
added 2019/02/21 3:25 a.m.27 views

Sending a specific stream of data on the Hazelcast 5701 port can lead to Bitbucket being unavailable

h3. Issue Summary Specific data streams can cause Bitbucket nodes to become unresponsive. The following can be found in the logs: noformat WARN hz.hazelcast.IO.thread-Acceptor c.h.nio.tcp.SocketAcceptorThread :5701 3.7.4-atlassian-43 java.io.UTFDataFormatException: Rejecting request to read...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2018/12/07 5:49 p.m.27 views

Sessions never expire due to continuous XHR

Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2018/03/08 9:8 a.m.27 views

Various resources included the current remote directory password in their responses - CVE-2016-10740

Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...

4.9CVSS4.6AI score0.01056EPSS
Exploits0
Atlassian
Atlassian
added 2018/02/20 7:44 p.m.27 views

createmeta() API call does not respect permissions

The API call for createmeta which should return metadata required for creation of issues, does not respect permissions in some cases. I was working on an automation for my team when i discovered this. Following are the details: - The bot account i am using did not have permission to view a certai...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/02/05 4:40 p.m.27 views

Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially

h3. Summary Nested groups with uppercase letters cannot be removed from Confluence, after having been synced initially. If you synchronize nested groups with upper case letters into Confluence from Crowd / LDAP, and then update the external directory to remove the child groups, the groups will no...

2AI score
Exploits0
Atlassian
Atlassian
added 2017/12/12 8:33 a.m.27 views

REST endpoint user impersonation using authentication module functionality - CVE-2017-16858

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

6.8CVSS1.8AI score0.00576EPSS
Exploits0
Atlassian
Atlassian
added 2017/11/22 5:11 p.m.27 views

Repo password on display for the world to see.

I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...

7.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/06/02 3:55 p.m.27 views

Bitdefender reported virus in Git LFS plugin

!Capture1.PNG!...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/04/20 3:45 p.m.27 views

REST API attachment request still works with wrong/expired cookie

h3. Summary If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code. h3. Environment JIRA v1000.892.2 h3. Steps to Reproduce Use Cookie Based Authentication using a wrong/expired cookie Perform a RE...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/03/14 4:40 a.m.27 views

XSS Vulnerability in wiki markup

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-51825. panel Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/17 4:45 a.m.27 views

Shell Injection in SourceTree for Mac

SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 prior to 2.3.1 the fixed version. By visiting a malicious website or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed an attacker could use a shell injection...

3.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/13 4:59 a.m.27 views

The Confluence Login page should not gives details of build version to unauthenticated users

The login page discloses detailed version information of the application to unauthenticated users. !screenshot-1.png|thumbnail! This information facilitates finding vulnerabilities for possible attackers suggestion: Remove the build number completely in the login page...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/08/02 3:31 p.m.27 views

JSON export doesn't differentiate public from internal comments

h4. +Summary+ Currently, when exporting a SD request to JSON format, it's not possible to tell which comment is internal or public from the JSON file. h4. +Steps to reproduce+ Go to Manage add-ons - All add-ons - jira-importers-plugin - Enable JSON export Create an SD request and add one internal...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/01/07 11:25 a.m.27 views

One FishEye admin can get access to repository password provided by another admin

It was possible to retrieve the repository passwords provided by another administrator via web browser session. It was fixed now, so password can still be changed or unset if necessary, but it is not possible to read its contents...

3.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/07/02 3:27 a.m.27 views

xss by swf file

In confluence comment module user can embed swf file in their comment, confluence are using a atltoken parameter on GET HTTP request, if the attacker send the link of .swf file the value of src on embed tag to his victim the malicious .SWF won't execute on the victim's browser . We can bypass thi...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/08 11:4 a.m.27 views

"JIRA Project Releases" event should respect Project's permissions

Adding "JIRA Project Releases" event type to the Team calendar seems to NOT respect permissions from the project. It means even people that have no access to some project will see the release dates from the forbidden project. Expected behavior: Users should see only "JIRA Project Releases" from...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/05/25 10:28 a.m.27 views

JIRA HTTP Dump Recorded Credential information As Text

Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log , the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2015/03/10 3:44 p.m.27 views

Expired user in Active Directory do not stop user from cloning via SSH

User who is bind with a SSH key can still clone while their account has expired on the Active Directory. However, this user will not able to login to Stash. Another scenario on the same concept works where the user bind with the SSH key is disabled in AD and that user will not be able to clone or...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/02/26 1:52 p.m.27 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/28 10:18 a.m.27 views

Disabling user in delegated Active Directory doesn't disable them in Confluence until they log in

h3.Steps to Reproduce Create a delegated directory, hooked to Active Directory Login with an AD user, with the "Remember Me" option checked Close the browser completely Disable the user in AD by checking the "Account is disabled" option in User Properties Account Account Options Launch the browse...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/13 9:50 a.m.27 views

User receiving notification from a restricted space

h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2014/10/27 10:1 p.m.27 views

HTML does not render in Project Description

If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/28 1:0 a.m.27 views

Crowd gives more admin permissions than is apparent

When a crowd application has multiple directories added to it, and a group which is authorised to log into Crowd, all directories with that group are allowed to log in to crowd. However, the UI makes it seem as though only a group in the chosen directory is allowed to log in. Steps to reproduce:...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2014/07/17 11:20 p.m.27 views

Specify logging level to Prevent Root DEBUG from Exposing Login

h3. Summary Setting root level DEBUG can expose login information username/pw when JIRA is connected to Crowd for user management, as it outputs the REST POST contents that are transmitted through the HttpClient. h3. Environment Crowd integrated with JIRA for user management. h3. Steps to Reprodu...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2014/03/27 2:46 a.m.27 views

Any user without permission to view the page can view its label

h4. Steps to Reproduce: Create a Page with user A Add a label to the page Assign Page Restrictions Restrict viewing to me Login with user B user B can see all labels including label of user A's page h4. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/17 2:18 a.m.27 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/10 2:48 p.m.27 views

@mention Notification for Comments on Restricted Page in Confluence 5.4.x

In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict an user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.27 views

LDAP and Active Directory credentials are stored in plain text in database

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31605. panel This information should be encrypted so that anyone with access to the database does not gain access to other syste...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.27 views

LDAP and Active Directory credentials are stored in plain text in database

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31605. panel This information should be encrypted so that anyone with access to the database does not gain access to other syste...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2013/10/02 11:33 a.m.27 views

Jira is logging SOAP body in default config - passwords included

In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 9:22 a.m.27 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 4:57 p.m.27 views

Unauthenticated access to private information via tinymce plugin

It is possible for unauthenticated users to retrieve information from a Confluence instance, including tables of contents and change histories for private pages, and lists of all attachments in a space, by making calls to the preview function of the macro REST API in the confluence-tinymce-plugin...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2013/08/09 4:40 a.m.27 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/07 9:10 a.m.27 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro edit macro in lightbox and press preview alter the post request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, /; q=0.01 Origin: https://test.foo.com...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2013/08/03 8:0 a.m.27 views

OGNL double evaluation in atlassian-xwork

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/01 4:53 a.m.27 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 2:9 p.m.27 views

Disallow multiple sessions for an account

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33586. panel It is currently possible to run several sessions under any account. Some customers prefer to restrict the number of sessions to...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/05 6:39 a.m.27 views

Passwords of configured SMTP mail accounts are stored in cleartext

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29534. panel Passwords for configured mail accounts are stored in clear text in the database as can be seen e.g. by: code SELECT...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.27 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 4:8 a.m.27 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 3:39 a.m.27 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/15 3:54 a.m.27 views

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/08 2:27 a.m.27 views

XSS vulnerabilty in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/16 8:52 a.m.27 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/09 3:15 a.m.27 views

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2012/05/24 12:15 p.m.27 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

2AI score
Exploits0
Atlassian
Atlassian
added 2012/05/21 7:54 a.m.27 views

persistent xss through flash swf file attachment download

It is possible to upload a flash swf file which when the attachment 'download' url is visited the flash swf file is executed in the browser and as such can use ExternalInterface.call method to inject javascript defined in the swf file into the browser...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/13 12:43 p.m.27 views

persistent xss through svg file attachment download

The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that is possible for a malicious party to upload a svg file containing html/javascript which will be rendered in victim's web browser. This bug should have been raised a while ag...

1.4AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295