Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2022/10/31 12:2 p.m.•26 views

Putting a word in quotes and having the > character in the summary allows scripts to execute

h3. Issue Summary If you have a summary with a word in double quotes, similar to "Something" and have the character. Then you can execute actions through tags in the summary This is reproducible on Data Center: Yes h3. Steps to Reproduce This can be reproduced when editing and creating an issue...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2022/08/24 9:34 a.m.•26 views

Template Injection in Email Templates leads to RCE on Jira Service Management Server

Affected versions of Atlassian Jira Service Management Server and Data Center allows JIRA Administrators to execute arbitrary system commands via a template injection in the endpoint /admin/EmailTemplatesSettings!default.jspa. The affected versions are before version 8.13.19, from version 8.14.0...

6.7AI score
Exploits0
Atlassian
Atlassian
•added 2022/03/16 5:14 a.m.•26 views

Admin user can toggle JMX monitoring without WebSudo validation

Affected versions of Atlassian Jira Server and Data Center allow attackers with administrator privileges to bypass WebSudo validation in order to toggle JMX monitoring, via a Broken Access Control vulnerability in the JmxMonitoringAction.jspa endpoint. The affected versions are before version...

6.4AI score
Exploits0
Atlassian
Atlassian
•added 2021/05/20 10:43 p.m.•26 views

Bitbucket XSS, privilege escalation from "Project Creator" to "System admin" on project deletion

This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...

5.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2020/04/29 9:16 a.m.•26 views

About Jira page can be accessed anonymously

h3. Issue Summary "About Jira" page can be accessed anonymously. This can expose the Jira application versions. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version. h3. Steps to Reproduce Access...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2020/01/29 11:27 p.m.•26 views

Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability...

5.3CVSS5.1AI score0.0147EPSS
Exploits0
Atlassian
Atlassian
•added 2019/12/17 3:46 a.m.•26 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

4.3CVSS3.1AI score0.00915EPSS
Exploits0
Atlassian
Atlassian
•added 2019/12/10 2:35 a.m.•26 views

Improper authorization vulnerability in the /json/profile/removeStarAjax.do resource - CVE-2019-15009

The /json/profile/removeStarAjax.do resource in Atlassian Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability...

4.3CVSS6.3AI score0.00732EPSS
Exploits0
Atlassian
Atlassian
•added 2019/12/10 2:18 a.m.•26 views

XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Fisheye before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...

6.1CVSS4.1AI score0.00739EPSS
Exploits0
Atlassian
Atlassian
•added 2019/11/15 3:5 p.m.•26 views

Disabling SAML override in Confluence Data Center doesn't work

h3. Issue Summary Disabling SAML override in Confluence DC, to ensure no users can log in to Confluence via SAML/SSO only, still allows users to use default login URL and access the instance with local credentials. h3. Steps to Reproduce Configure Confluence DC with SAML/SSO steps not covered her...

1.3AI score
Exploits0
Atlassian
Atlassian
•added 2019/10/01 12:46 a.m.•26 views

commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)

h1. Authorization Bypass in confserver/confluence-frontend-plugins master| h4. Issue Details Vulnerability: Authorization Bypass Severity: color:f9423aHighcolor Project: confserver/confluence-frontend-plugins Branch: master Scan Date: Unknown h4. Issue Description commons-beanutils2 is vulnerable...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2019/03/21 12:52 a.m.•26 views

The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service

The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...

4.5AI score
Exploits0
Atlassian
Atlassian
•added 2019/02/13 12:37 a.m.•26 views

Insufficient Session Expiration of user sessions - CVE-2018-20238

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability...

8.1CVSS5.4AI score0.01513EPSS
Exploits0
Atlassian
Atlassian
•added 2018/12/12 12:25 p.m.•27 views

Crowd silently ignores changes to active status of users in Azure AD.

When Crowd synchronises users for the very first time from Azure AD it will recognise "active" state of users correctly. Unfortunately, on next synchronisations Crowd ignores changes to these statuses, so once they are set, they will never change...

2.6AI score
Exploits0
Atlassian
Atlassian
•added 2018/09/21 10:27 a.m.•26 views

Deprecate support for authenticating using os_username, os_password as url query parameters

h4. Problem Support for using osusername and ospassword to authenticate when used as url query parameters has been deprecated in Jira 8.0.0. It is possible to disable support for osusername & ospassword as url query parameters for authentication by setting allowUrlParameterValue to false in...

3.7AI score
Exploits0
Atlassian
Atlassian
•added 2018/04/10 4:25 a.m.•26 views

XSS in various types of nested wiki markup - CVE-2017-18102

The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup...

5.4CVSS5.5AI score0.00921EPSS
Exploits0Affected Software1
Atlassian
Atlassian
•added 2017/12/06 4:35 p.m.•26 views

REST API - Improved HTTP Authentication

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...

7.7AI score
Exploits0
Atlassian
Atlassian
•added 2017/11/27 8:44 a.m.•26 views

JQuery Update to the latest version

h3. Definition JQuery is currently at version 1.7.2 where it contains 1 medium security vulnerability. h3. Suggestion To update the JQuery version that does not have a vulnerability threat...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2017/11/22 5:11 p.m.•26 views

Repo password on display for the world to see.

I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...

7.1AI score
Exploits0
Atlassian
Atlassian
•added 2017/10/17 2:8 p.m.•26 views

Contributors Summary Macro Shows Data to Anonymous Users

h2. Steps to reproduce In Global Permission, ensure Anonymous users "Can Use" Confluence Create new Space , eg: SpaceA Go To Space Tools Permissions Edit Permission Ensure Anonymous Users has "View" Permission Create a few test pages in SpaceA Then, create a page containing both Contributors Macr...

4AI score
Exploits0
Atlassian
Atlassian
•added 2017/09/28 9:47 p.m.•26 views

Email address is not validated when updating user profile

On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2017/01/09 11:15 p.m.•26 views

XSS on Delete Webhook

It was possible for users with JIRA administrator rights to perform an XSS attack through convincing another user, potentially a user with system administrators rights, to delete a specific webhook...

3.7AI score
Exploits0
Atlassian
Atlassian
•added 2016/10/11 1:45 p.m.•26 views

Empty REST API result return for User without Browse Users permission

h3. Summary User A who do not have permission to Browse Users but have Administrator and/or System Administrator will have REST API result return empty. As an example of the json data return: code:borderStyle=dashed code h3. Steps to Reproduce Create User A Gives User A permission to Administrato...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/06/06 5:25 a.m.•26 views

CVE-2016-4321: XSS in moving User Repos

There was a XSS, which required user interaction, when moving user repositories...

2AI score
Exploits0
Atlassian
Atlassian
•added 2016/03/02 10:0 p.m.•26 views

Enabling SSL Broker for Remote Agents breaks Elastic Agent connectivity

h3. Summary When enabling SSL connectivity for remote agents by changing the Broker URL and Broker Client URL protocols from tcp:// to ssl://, elastic agents are no longer able to connect h3. Steps to Reproduce Start an Elastic Agent and run a test build to confirm Elastic Agents are connecting...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2015/12/04 6:16 a.m.•26 views

Upgrade to version 3.2.2 of apache commons-collections

quote This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for...

0.6AI score
Exploits0
Atlassian
Atlassian
•added 2015/12/04 6:9 a.m.•26 views

Upgrade to version 3.2.2 of apache commons-collections

quote This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for...

0.6AI score
Exploits0
Atlassian
Atlassian
•added 2015/10/27 2:47 a.m.•26 views

XSRF check failure when trying to add a logo to a topic

h3. Steps to reproduce Create a topic in Confluence Questions. Select an image as a logo. Click Done. h3. Expected results The topic is created with the chosen logo. h3. Actual results The topic is created, but with the default tag logo. h3. Notes The same thing occurs when trying to add a logo t...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/10/05 10:0 p.m.•26 views

Cross-Site Scripting in subscribetocalendar.action

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48910. panel The contents of the 'subCalendarId' parameter is not validated in POST requests to 'subscribetocalendar.action' and...

6.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/06/03 8:28 a.m.•26 views

XSS in JIRA via PDF attachment

PDF attachments are considered active content and can be used to xss users...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/04/23 11:6 a.m.•26 views

Modernize Confluence Backup & Restore

As a User in all possible roles in order to save time & money and prevent unintended problems caused by the current implementation I want to have a modernized version of Backup & Restore from now on BR in Confluence. Acceptance criteria BR is GUI based BR functionality is integrated in GUI where ...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/04/22 4:3 p.m.•26 views

Restricted Question topic can be seen by restricted users

Bug Description As describe in a new feature available for Confluence questions: quote Use your existing space permissions - only people who can view the space can search for and see questions that were asked there.quote This will cause misunderstanding as users might think that Questions topics...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/03/24 9:0 a.m.•26 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/03/15 10:56 p.m.•26 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2014/10/01 2:52 p.m.•26 views

Confluence Security Settings not respected by Confluence Questions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/07/15 8:47 a.m.•26 views

UserPreferencesResource accepts form encoded data, is vulnerable to XSRF attacks

UserPreferencesResource exposes all data stored in a UserPreferences object, and allows updating it via a POST. This vulnerability needs to be closed before the next deployment...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/07/14 9:21 a.m.•26 views

Information disclosure in the REST API

Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of a specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/05/12 1:35 a.m.•26 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/05/12 1:35 a.m.•26 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2014/02/21 9:7 a.m.•26 views

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs You should be able to login to REST via a URL request by using the following scheme: "http://host:8085/rest/api/latest/plan?osauthType=basic&osusername=&ospassword=" This worked fine for us...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2013/11/15 6:12 p.m.•26 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/25 2:11 p.m.•26 views

Password displayed in clear text when logging in to a websudo session that has expired

When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text. This is a breach in security; the password should never be displayed in clear text on a web page...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/20 5:4 p.m.•26 views

Unauthenticated enumeration of resource information via tinymce plugin

It is possible for unauthenticated users to retrieve a large amount of information from a Confluence instance, including page titles, attachment filenames, and username, by making calls to the link REST API in the confluence-tinymce-plugin. This is effective even when the anonymous user does not...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/11 8:30 a.m.•26 views

getRedirect in JiraWebActionSupport redirects to unsafe URLs by default

In jira-components/jira-api/src/main/java/com/atlassian/jira/web/action/JiraWebActionSupport.java the following code is found: code:java / Redirects to the value of @code getReturnUrl, falling back to @code defaultUrl if the @code returnUrl is not set. This method clears the @code returnUrl. If...

0.7AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/11 5:4 a.m.•26 views

Moving pages around spaces using HTTP get without XSRF token

Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this: http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 Malicious example of how to exploit this in an email message: after opening the email, th...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/11 5:4 a.m.•26 views

Moving pages around spaces using HTTP get without XSRF token

Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this: http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 Malicious example of how to exploit this in an email message: after opening the email, th...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2013/08/23 1:38 a.m.•26 views

CSRF in doremoveblogpost.action

Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker controlled link, or views an image at an attack controller URL. /pages/doremoveblogpost.action?pageId=...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/07/19 5:18 a.m.•26 views

Crowd OpenID server does not enforce profile ownership for viewing

Similar to CWD-3465, it seems that not enforce profile ownership for viewing. That is, a non-admin user called Mallory can view Alice's profile information if Mallory obtains Alice's profileId number. For example, https://openid.atlassian.com/secure/profile/editprofiles.action?profileID=15240744...

1.8AI score
Exploits0
Atlassian
Atlassian
•added 2013/06/26 2:56 p.m.•26 views

Agile board "Add Status" button is not available unless you are member of jira-administrators

As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/05/08 1:31 p.m.•26 views

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to fra...

Exploits0
Total number of security vulnerabilities4295