Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2014/07/15 8:47 a.m.27 views

UserPreferencesResource accepts form encoded data, is vulnerable to XSRF attacks

UserPreferencesResource exposes all data stored in a UserPreferences object, and allows updating it via a POST. This vulnerability needs to be closed before the next deployment...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/27 2:46 a.m.27 views

Any user without permission to view the page can view its label

h4. Steps to Reproduce: Create a Page with user A Add a label to the page Assign Page Restrictions Restrict viewing to me Login with user B user B can see all labels including label of user A's page h4. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/10 2:48 p.m.27 views

@mention Notification for Comments on Restricted Page in Confluence 5.4.x

In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict an user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.27 views

LDAP and Active Directory credentials are stored in plain text in database

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31605. panel This information should be encrypted so that anyone with access to the database does not gain access to other syste...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 9:22 a.m.27 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 4:57 p.m.27 views

Unauthenticated access to private information via tinymce plugin

It is possible for unauthenticated users to retrieve information from a Confluence instance, including tables of contents and change histories for private pages, and lists of all attachments in a space, by making calls to the preview function of the macro REST API in the confluence-tinymce-plugin...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2013/08/07 9:10 a.m.27 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro edit macro in lightbox and press preview alter the post request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, /; q=0.01 Origin: https://test.foo.com...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2013/08/03 8:0 a.m.27 views

OGNL double evaluation in atlassian-xwork

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/01 4:53 a.m.27 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/05 6:39 a.m.27 views

Passwords of configured SMTP mail accounts are stored in cleartext

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29534. panel Passwords for configured mail accounts are stored in clear text in the database as can be seen e.g. by: code SELECT...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.27 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 4:8 a.m.27 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 3:39 a.m.27 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/15 3:54 a.m.27 views

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/08 2:27 a.m.27 views

XSS vulnerabilty in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.27 views

Not being able to create webhooks with basic authentication.

Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting a "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! workaround For Atlassian applications, the REST plugin ...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/16 8:52 a.m.27 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:52 p.m.27 views

BuildEdgeIndexServlet XSRF

The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/10 7:37 a.m.27 views

JIRA REST API makes it easy to harvest email addresses

The JIRA REST API makes it easy to harvest email addresses as an anonymous user. 1. Go to https://jira.atlassian.com/browseJRA-22053 as anonymous. Note that you can't extract email addresses from this page unless the user has used an email address as her username. 2. Now go to...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/09 3:15 a.m.27 views

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2012/05/24 12:15 p.m.27 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

2AI score
Exploits0
Atlassian
Atlassian
added 2012/05/21 7:54 a.m.27 views

persistent xss through flash swf file attachment download

It is possible to upload a flash swf file which when the attachment 'download' url is visited the flash swf file is executed in the browser and as such can use ExternalInterface.call method to inject javascript defined in the swf file into the browser...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/13 12:43 p.m.27 views

persistent xss through svg file attachment download

The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that is possible for a malicious party to upload a svg file containing html/javascript which will be rendered in victim's web browser. This bug should have been raised a while ag...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 1:27 a.m.27 views

admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.

admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and or javascript into a confluence instance through a csrf attack on an admin user...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/03/30 4:54 a.m.27 views

XML Vulnerability in Confluence

We have identified and fixed a vulnerability in Confluence that results from the way third-party XML parsers are used in Confluence. This vulnerability allows an attacker to: Execute denial of service attacks against the Confluence server, or Read all local files readable to the system user under...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/11/02 1:44 a.m.27 views

Permission Checking Bug in FishEye Changeset Tooltips

We have identified and fixed a permission checking bug in the FishEye changeset tooltips. Affected versions are 2.4.6 to 2.5.6 This bug allows users to view metadata for a changesets that they do not have permission to view. This issue is reported in our security advisory on the following page:...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/10/26 2:13 a.m.27 views

XSS vulnerability in /agent/configureAgents resource

We have identified and fixed a reflected cross-site scripting XSS vulnerability in the Bamboo configureAgents resource. This issue is reported in our security advisory on this page: https://confluence.atlassian.com/x/rQP5FQ You can read more about XSS attacks at:...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2011/09/07 10:10 p.m.27 views

View PDF Macro in Office Connector makes http fetch from Adobe from https session

The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test. http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/01/10 2:0 a.m.27 views

Lock account after multiple login failure

For security purposes, it is desirable to have a mechanism to lock an account if the user attempted multiple login unsuccessfully. Perhaps something like what they are doing here: http://jira.codehaus.org/browse/CONTINUUM-796 See also:...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/06/21 3:46 a.m.27 views

XSS vulnerability in Contributors macro

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence \contributors macro. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/16 4:34 a.m.27 views

Miscellaneous support-related JSPs contain XSS holes

JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are: groupnames.jsp indexbrowser.jsp...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/02/04 9:0 p.m.27 views

Confluence adminsistrators can still view a restricted page if the type in the URL or click on a link in an email

If I set page viewing restrictions on a wki page to one group of which I am a member, other users, including confluence adminsistrators, cannot see the page when navigating within the application. If they type in the URL of the restricted page or click on a link to the restricted page, then can...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/01/14 8:33 p.m.27 views

CAPTCHA Option Should Exist for The Password Reset Form

The password reset prompt allows an individual to reset any user's password. My company uses a standard employee id to use for the JIRA username. With little knowledge, I designed a script that can cycle through employee id numbers and submit them to the reset password form. This process can repe...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/12/24 12:36 a.m.27 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

7AI score
Exploits0
Atlassian
Atlassian
added 2009/07/28 5:51 a.m.27 views

Allow issue security level to use any custom field that implements UserCFNotificationTypeAware

It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/05/20 6:5 p.m.27 views

CSRF attack message thrown when JSESSIONID is changed

Symptoms: Anything that is using DWR will fail. Meaning: page editor is fully or partially unusable and it may display the text "Draft saving timed out" on top of the text area. At the same time, the following error messages are printed in the Confluence log: noformat 2009-05-15 08:06:36,011 ERRO...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/05/14 3:26 a.m.27 views

Prevent global settings from being accidentally overwritten

On a number of occasions, upgrading Extranet has triggered some kind of bug that has caused the global settings to be reset to their default values. The most obvious cause of this is that some piece of code has created a new Settings object and saved it through the settings manager. One way to...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/04 6:44 a.m.27 views

Fix header injection vulnerabilities

A number of vulnerabilities were found during JRA-16024 which expose JIRA to header injection attacks: Note that different application server configurations may expose or hide the presence of a header injection vulnerability. Standalone tomcat is usually not vulnerable. Tomcat 5.5.26 redirects al...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/11/12 10:32 a.m.27 views

Repository Security improvement - the default for creating a new repository should be restricted to admins until specifically configured.

I just noticed that when setting up repositories, they were created with 'default' which mean if public sign up was on, they were able to see the repos. For the sake of security, a fresh install should default to restricting access to admins, perhaps through a default-created group 'admins'. Anon...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/10/20 8:13 a.m.27 views

XSS bug in wiki markup link rendering

The following wikimarkup creates links with an onclick event. noformat test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' noformat This is due to the following code in...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/08/25 10:28 a.m.27 views

Hidden pages' content can be viewed without permission using copypage.action

If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. EG: Two spaces A and B Page with id 1 is in Space A User cannot see Space A User can see Space B The following URL will allo...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/04/24 5:54 a.m.27 views

Implement login using google Authentication

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-14866. panel We are a small company , and we are using Google for mail , calender etc ... For now we are using open ldap to authenticate user...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/04/15 12:31 a.m.27 views

Users can move attachments to a space they have no permission for

Any user with permission to edit pages in a space can move attachments in that space to any page in Confluence. Eg: suppose we have a user named StandardUser who has permission to edit pages in GeneralSpace, but no permission to view or edit RestrictedSpace, which contains a page predictably name...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2007/10/12 10:49 p.m.27 views

Security Issue: XSS in wiki exception error page

The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...

6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/15 10:8 p.m.27 views

Implement user lockout mechanism to stop bruteforce login attacks

Hacker can try as many time he wants to login JIRA. You can build client, which sends username+password combinations as many time as you like. .. and if you have username, it is much easier to get in. ---- Implementation ideas: 1 Lock user after sequential X incorrect logins - X can be set by...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/09/17 9:37 a.m.27 views

MoveIssue does not keep the security issue level after the move.

MoveIssue does not keep the security issue level after the move...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.26 views

Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server

This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.26 views

DoS (Denial of Service) in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.9AI score0.0043EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.26 views

HTTP Request/Response Smuggling Apache Tomcat Dependency in Confluence Data Center

This High severity HTTP Request/Response Smuggling vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request/Response Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.00453EPSS
Exploits0
Atlassian
Atlassian
added 2026/03/11 1:10 p.m.26 views

Missing XML Validation vulnerability in Apache Struts Dependency in Bamboo Data Center

This High severity Missing XML Validation vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0 and 10.2.0 of Bamboo Data Center. This Missing XML Validation vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an plugin vendor ...

8.1CVSS5.8AI score0.23054EPSS
Exploits1
Total number of security vulnerabilities4295