4295 matches found
Vulnerability against DoS attack via labels
Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...
UnsupportedOperationException with hasPermissionToCreate when called with DocumentIssueImpl
Extending the SearchRequestPortlet for Kaamelot Portlet, I use WorklogService.hasPermissionToCreateJiraServiceContext jiraServiceContext, Issue issue . As SearchRequestPortlet provides through its SearchProvider a list of Issue based on class DocumentIssueImpl, the hasPermissionToCreate fails wit...
MoveIssue does not keep the security issue level after the move.
MoveIssue does not keep the security issue level after the move...
Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server
This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...
DoS (Denial of Service) in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
HTTP Request/Response Smuggling Apache Tomcat Dependency in Confluence Data Center
This High severity HTTP Request/Response Smuggling vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request/Response Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Missing XML Validation vulnerability in Apache Struts Dependency in Bamboo Data Center
This High severity Missing XML Validation vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0 and 10.2.0 of Bamboo Data Center. This Missing XML Validation vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an plugin vendor ...
DoS (Denial of Service) net.minidev:json-smart Dependency in Bamboo Data Center and Server
This High severity net.minidev:json-smart Dependency vulnerability was introduced in versions 9.6.0, 10.0.0-rc5, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This net.minidev:json-smart Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Bamboo Data Center and Server
This High severity com.thoughtworks.xstream:xstream Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0-rc5, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This com.thoughtworks.xstream:xstream Dependency vulnerability, with a CVSS Score of 7...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 5.2.0, 5.3.0, and 6.0.0 of Crowd Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Script execution via PDF as attachment - CVE-2021-39111
The attachment as PDF is a vulnerable PDFJS library. To confirm the vulnerability, we uploaded a PDF file containing a JavaScript. After opening a preview of the PDF file, the console displayed the message "Hello, xss is working," indicating that the JavaScript code had been successfully executed...
The "Your Jira Issues" section on the Bitbucket dashboard is fetching images via the internal Application URL rather than the external Display URL
h3. Issue Summary This is reproducible on Data Center: yes h3. Steps to Reproduce Create an Application link to Jira Instance with different "Application" and 'Display URLs' !image-2024-05-14-18-13-31-601.png|thumbnail! Block the 'Application URL' access on the client system browser using...
Merge Conflict PRs in Confluence-frontend-plugin
Merge Conflict PRs in Confluence-frontend-plugin after NPM Audit Fix...
Confluence XHR requests have the wrong content type
h3. Problem Watching or Stop watching a Confluence page and other operations see below list of identified endpoints will generate a request like the one below copied as curl from HAR capture for convenience: code:java curl 'https://confluence/rest/api/user/watch/content/9999999' \ -X 'DELETE' \ -...
Smart commits are processed in Jira for repositories without smart commits when synced via git webhooks
h3. Issue Summary This is reproducible on Data Center: yes Explanation: This bug shows up only for integration using webhooks. Smar commits works correctly when data is being synced during hourly polling job. Environment requirements: Jira needs to be available for Git instance to let git webhook...
User enumeration security issue when external authentication server is used
h3. Issue Summary This is reproducible on all Atlassian on-prem products that use LDAP or any other external server for authentication. It is possible to find out which usernames exists in the system and which do not exist by studying the response times it takes for a server to process a login...
Putting a word in quotes and having the > character in the summary allows scripts to execute
h3. Issue Summary If you have a summary with a word in double quotes, similar to "Something" and have the character. Then you can execute actions through tags in the summary This is reproducible on Data Center: Yes h3. Steps to Reproduce This can be reproduced when editing and creating an issue...
Template Injection in Email Templates leads to RCE on Jira Service Management Server
Affected versions of Atlassian Jira Service Management Server and Data Center allows JIRA Administrators to execute arbitrary system commands via a template injection in the endpoint /admin/EmailTemplatesSettings!default.jspa. The affected versions are before version 8.13.19, from version 8.14.0...
Admin user can toggle JMX monitoring without WebSudo validation
Affected versions of Atlassian Jira Server and Data Center allow attackers with administrator privileges to bypass WebSudo validation in order to toggle JMX monitoring, via a Broken Access Control vulnerability in the JmxMonitoringAction.jspa endpoint. The affected versions are before version...
Anonymous users can view list of installed gadgets in Jira
h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Jira instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit this URL...
Attachment name, in questions/answers, is searchable despite not having Permissions for Questions
h4. Summary The questions plugin allows administrators to restrict its usage to groups/users, similar to Confluence Permissions. Attachments uploaded to these questions/answers can be found by users that do not have Questions Permission. However, while the attachment can be searched and its title...
Bitbucket XSS, privilege escalation from "Project Creator" to "System admin" on project deletion
This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...
About Jira page can be accessed anonymously
h3. Issue Summary "About Jira" page can be accessed anonymously. This can expose the Jira application versions. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version. h3. Steps to Reproduce Access...
Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability...
Improper authorization on support files vulnerability in Jira - CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
Improper authorization vulnerability in the /json/profile/removeStarAjax.do resource - CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability...
XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the reviewedBranch parameter...
Disabling SAML override in Confluence Data Center doesn't work
h3. Issue Summary Disabling SAML override in Confluence DC, to ensure no users can log in to Confluence via SAML/SSO only, still allows users to use default login URL and access the instance with local credentials. h3. Steps to Reproduce Configure Confluence DC with SAML/SSO steps not covered her...
commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)
h1. Authorization Bypass in confserver/confluence-frontend-plugins master| h4. Issue Details Vulnerability: Authorization Bypass Severity: color:f9423aHighcolor Project: confserver/confluence-frontend-plugins Branch: master Scan Date: Unknown h4. Issue Description commons-beanutils2 is vulnerable...
The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service
The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...
Insufficient Session Expiration of user sessions - CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability...
Crowd silently ignores changes to active status of users in Azure AD.
When Crowd synchronises users for the very first time from Azure AD it will recognise "active" state of users correctly. Unfortunately, on next synchronisations Crowd ignores changes to these statuses, so once they are set, they will never change...
Deprecate support for authenticating using os_username, os_password as url query parameters
h4. Problem Support for using osusername and ospassword to authenticate when used as url query parameters has been deprecated in Jira 8.0.0. It is possible to disable support for osusername & ospassword as url query parameters for authentication by setting allowUrlParameterValue to false in...
XSS in various types of nested wiki markup - CVE-2017-18102
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup...
XSS in various resources in the issuesURL parameter - CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the issuesURL parameter...
REST API - Improved HTTP Authentication
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...
JQuery Update to the latest version
h3. Definition JQuery is currently at version 1.7.2 where it contains 1 medium security vulnerability. h3. Suggestion To update the JQuery version that does not have a vulnerability threat...
Repo password on display for the world to see.
I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...
Email address is not validated when updating user profile
On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...
Restricted Work Log entries show in the Activity Stream for JIRA Cloud
h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...
XSS on Delete Webhook
It was possible for users with JIRA administrator rights to perform an XSS attack through convincing another user, potentially a user with system administrators rights, to delete a specific webhook...
Empty REST API result return for User without Browse Users permission
h3. Summary User A who do not have permission to Browse Users but have Administrator and/or System Administrator will have REST API result return empty. As an example of the json data return: code:borderStyle=dashed code h3. Steps to Reproduce Create User A Gives User A permission to Administrato...
CVE-2016-4321: XSS in moving User Repos
There was a XSS, which required user interaction, when moving user repositories...
Upgrade to version 3.2.2 of apache commons-collections
quote This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for...
Upgrade to version 3.2.2 of apache commons-collections
quote This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for...
XSRF check failure when trying to add a logo to a topic
h3. Steps to reproduce Create a topic in Confluence Questions. Select an image as a logo. Click Done. h3. Expected results The topic is created with the chosen logo. h3. Actual results The topic is created, but with the default tag logo. h3. Notes The same thing occurs when trying to add a logo t...
Cross-Site Scripting in subscribetocalendar.action
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48910. panel The contents of the 'subCalendarId' parameter is not validated in POST requests to 'subscribetocalendar.action' and...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...