Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2020/06/02 5:55 a.m.•25 views

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...

4.3CVSS5.1AI score0.0075EPSS
Exploits0
Atlassian
Atlassian
•added 2020/04/29 9:16 a.m.•25 views

About Jira page can be accessed anonymously

h3. Issue Summary "About Jira" page can be accessed anonymously. This can expose the Jira application versions. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version. h3. Steps to Reproduce Access...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2020/04/27 8:28 p.m.•25 views

Users that are not logged into Jira can navigate to crafted URL's and inject messages onto the page

h3. Issue Summary Non-authenticated users can navigate to crafted URL's in Jira and inject messages onto the page. h3. Steps to Reproduce Navigate to a URL such as localhost:8080/jira/secure/VoteOrWatchIssue.jspa Add some additional text behind the URL such as...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2020/04/16 8:37 p.m.•25 views

Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. h5. Acknowledgements Credit for finding...

7.2CVSS7.1AI score0.01669EPSS
Exploits0
Atlassian
Atlassian
•added 2019/12/17 3:46 a.m.•25 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

4.3CVSS3.1AI score0.00915EPSS
Exploits0
Atlassian
Atlassian
•added 2019/10/01 12:46 a.m.•25 views

commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)

h1. Authorization Bypass in confserver/confluence-frontend-plugins master| h4. Issue Details Vulnerability: Authorization Bypass Severity: color:f9423aHighcolor Project: confserver/confluence-frontend-plugins Branch: master Scan Date: Unknown h4. Issue Description commons-beanutils2 is vulnerable...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2018/12/12 12:25 p.m.•26 views

Crowd silently ignores changes to active status of users in Azure AD.

When Crowd synchronises users for the very first time from Azure AD it will recognise "active" state of users correctly. Unfortunately, on next synchronisations Crowd ignores changes to these statuses, so once they are set, they will never change...

2.6AI score
Exploits0
Atlassian
Atlassian
•added 2018/06/29 9:11 p.m.•25 views

Upgrade to version 3.2.2 of apache commons-collections

h3. Summary Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories: code:java...

4.7AI score
Exploits0
Atlassian
Atlassian
•added 2018/06/14 8:26 a.m.•25 views

XSS in User Macros, Macro Title and Icon URL

h2. Summary System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in Macro Editor. The script input in the fields can be executed when user open "Macro" selection window. h2. How to reproduce Go to "Edit User Macro" as Confluence Administrator. !Screen Shot 2018-06-14 at...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2018/02/02 12:12 a.m.•25 views

XSS in various resources in the issuesURL parameter - CVE-2017-18086

Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the issuesURL parameter...

6.1CVSS4.3AI score0.00825EPSS
Exploits0
Atlassian
Atlassian
•added 2017/11/22 5:11 p.m.•25 views

Repo password on display for the world to see.

I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...

7.1AI score
Exploits0
Atlassian
Atlassian
•added 2017/10/01 11:57 p.m.•25 views

HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header

When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions. code:java 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/06/06 5:25 a.m.•25 views

CVE-2016-4321: XSS in moving User Repos

There was a XSS, which required user interaction, when moving user repositories...

2AI score
Exploits0
Atlassian
Atlassian
•added 2016/03/02 10:0 p.m.•25 views

Enabling SSL Broker for Remote Agents breaks Elastic Agent connectivity

h3. Summary When enabling SSL connectivity for remote agents by changing the Broker URL and Broker Client URL protocols from tcp:// to ssl://, elastic agents are no longer able to connect h3. Steps to Reproduce Start an Elastic Agent and run a test build to confirm Elastic Agents are connecting...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2015/10/05 10:0 p.m.•25 views

Cross-Site Scripting in subscribetocalendar.action

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48910. panel The contents of the 'subCalendarId' parameter is not validated in POST requests to 'subscribetocalendar.action' and...

6.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/06/10 5:24 a.m.•25 views

CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI

In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image Windows Server 2012 R2 AMI contain a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access it was permitted to login through SSH on instances using the affected AMI. In the event that a...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2015/04/23 11:6 a.m.•25 views

Modernize Confluence Backup & Restore

As a User in all possible roles in order to save time & money and prevent unintended problems caused by the current implementation I want to have a modernized version of Backup & Restore from now on BR in Confluence. Acceptance criteria BR is GUI based BR functionality is integrated in GUI where ...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/04/22 4:3 p.m.•25 views

Restricted Question topic can be seen by restricted users

Bug Description As describe in a new feature available for Confluence questions: quote Use your existing space permissions - only people who can view the space can search for and see questions that were asked there.quote This will cause misunderstanding as users might think that Questions topics...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/03/24 9:0 a.m.•25 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/03/18 3:28 a.m.•25 views

Project avatar resource vulnerable to XSRF

The project avatar resource accepts content type of MULTIPARTFORMDATA so a malicious attacker could use javascript to submit a form from a foreign host to a stash server and trick the user into changing the project avatar in Stash. cc David Black Atlassian - is there any reason why panopticon fou...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/03/15 10:56 p.m.•25 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2015/01/06 2:10 a.m.•25 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/10/27 10:1 p.m.•25 views

HTML does not render in Project Description

If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/07/14 9:21 a.m.•25 views

Information disclosure in the REST API

Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of a specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/27 1:2 a.m.•25 views

Remote DoS Exploit on Confluence

Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2014/06/26 8:0 p.m.•25 views

Define the security for which plugins can be used by which users on which pages

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-34095. panel This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/05/12 1:35 a.m.•25 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/05/12 1:35 a.m.•25 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2014/05/08 7:34 a.m.•25 views

Applink configuration data is exposed anonymously

If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs and URLs of the applinks configured on the instance. e.g. an anonymous request to https://jira.atlassian.com/rest/issueLinkAppLink/1/appLink/info returns code:javascript...

7.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/04/09 5:43 p.m.•25 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/01/13 9:18 p.m.•25 views

Encrypt password variables

All variables are currently stored in the database with no encryption Exceptions are repository passwords and Bamboo passwords which are irreversibly hashed/salted. ex. : Deployment variables that contain passwords are stored in the database with no encryption. So anyone with access to the databa...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/12/17 1:41 p.m.•25 views

Enabling the XSRF in Bamboo cause the integration with JIRA 6.1.5 to break

Steps to reproduce: install JIRA 6.1.5 install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via Bamboo Admin Security Security Settings integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application in the JIRA UI, it will shows that JIRA can't conne...

1.7AI score
Exploits0
Atlassian
Atlassian
•added 2013/11/22 3:8 a.m.•25 views

JIRA Workflow Step Property jira.permission.browse allows you to view issues in issue navigator

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-35917. panel h3. Summary The JIRA Workflow Step Property jira.permission.browse does not prevent you to view issues in issue navigator. h3...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/11/15 6:12 p.m.•25 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/25 2:11 p.m.•25 views

Password displayed in clear text when logging in to a websudo session that has expired

When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text. This is a breach in security; the password should never be displayed in clear text on a web page...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/20 5:4 p.m.•25 views

Unauthenticated enumeration of resource information via tinymce plugin

It is possible for unauthenticated users to retrieve a large amount of information from a Confluence instance, including page titles, attachment filenames, and username, by making calls to the link REST API in the confluence-tinymce-plugin. This is effective even when the anonymous user does not...

2.8AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/17 9:4 a.m.•25 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/17 9:4 a.m.•25 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/11 8:30 a.m.•25 views

getRedirect in JiraWebActionSupport redirects to unsafe URLs by default

In jira-components/jira-api/src/main/java/com/atlassian/jira/web/action/JiraWebActionSupport.java the following code is found: code:java / Redirects to the value of @code getReturnUrl, falling back to @code defaultUrl if the @code returnUrl is not set. This method clears the @code returnUrl. If...

0.7AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/11 7:3 a.m.•25 views

Arbitrary file creation in AbstractRendererExporterImpl

To reproduce: 1. Create a new space. 2. Create a new page. 3. Attach a file called test.txt to the page. 3. Edit the page, and add an image with the URL: code /confluence/s/download/attachments/pageid//../../../../../../../../../../../../tmp/test.txt code \pageid\ must be replaced with the actual...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/11 5:4 a.m.•25 views

Moving pages around spaces using HTTP get without XSRF token

Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this: http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 Malicious example of how to exploit this in an email message: after opening the email, th...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/11 5:4 a.m.•25 views

Moving pages around spaces using HTTP get without XSRF token

Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this: http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 Malicious example of how to exploit this in an email message: after opening the email, th...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2013/08/23 1:38 a.m.•25 views

CSRF in doremoveblogpost.action

Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker controlled link, or views an image at an attack controller URL. /pages/doremoveblogpost.action?pageId=...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/08/09 4:40 a.m.•25 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2013/08/07 9:10 a.m.•25 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro edit macro in lightbox and press preview alter the post request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, /; q=0.01 Origin: https://test.foo.com...

0.4AI score
Exploits0
Atlassian
Atlassian
•added 2013/07/01 4:53 a.m.•25 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/07/01 4:53 a.m.•25 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0
Atlassian
Atlassian
•added 2013/06/26 2:56 p.m.•25 views

Agile board "Add Status" button is not available unless you are member of jira-administrators

As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/06/24 5:18 p.m.•25 views

JSON-RPC API functions available anonymously even though anonymous API access is disabled.

The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled check box not checked in admin control panel. This is an issue when it comes to confluence sites that have sensitive user or group information...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/05/08 1:31 p.m.•25 views

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to fra...

Exploits0
Total number of security vulnerabilities4295