4295 matches found
jQuery 2.2.4 is vulnerable to prototype pollution
Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug CVE-2019-11358, https://nvd.nist.gov/vuln/detail/CVE-2019-11358 which is only fixed in jQuery 3.4.0...
REST API - Improved HTTP Authentication
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...
Turning off audit logging does not result in any logs
h4. Steps to reproduce Enable Bamboo Audit Logging Make a change to confirm Audit Logging is turned on. Disable audit logging h4. Expected Behaviour An Audit log telling who and when turned off audit logging. h4. Observed Behaviour No Audit logs or any other log showing this change. h3. Workaroun...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
Information disclosure in the /rest/api/2/user/picker rest resource - CVE-2019-3403
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check...
XSS in DWR
Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example...
Limited Remote File Read in Jira Software Server - CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]
Atlassian Confluence Server and Data Center is not affected by CVE-2019-0230 Apache Struts Potential Remote Code Execution Vulnerability...
Jira - CVE-2024-22243
h3. Issue Summary We have several Customers waiting for a response about the vulnerability CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243, if it affects Atlassian products, in particular, Jira Data Center. h3. Steps to Reproduce Run Generic Security Scan Tool h3. Expected Results...
XStream upgrade to 1.4.17
h3. Problem XStream is vulnerable to security exploits including CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html. This ticket tracks it's upgrade to 1.4.17 panel:title=Atlassian Update - July 2021|borderStyle=solid|borderColor=6554c0|titleBGColor=6554c0|bgColor=eae6ff We have upgrade...
Struts 2 CVE-2019-0230 and CVE-2019-0233 impact on Confluence
h3. Issue Summary Recently, Apache released the following report regarding two different vulnerabilities in Struts 2: |https://struts.apache.org/announce.htmla20200813 Is Confluence affected by these CVEs? h3. Steps to Reproduce Not applicable. h3. Expected Results Not applicable h3. Actual Resul...
Enabling the XSRF in Bamboo cause the integration with JIRA 6.1.5 to break
Steps to reproduce: install JIRA 6.1.5 install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via Bamboo Admin Security Security Settings integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application in the JIRA UI, it will shows that JIRA can't conne...
Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)
h3. DISCLAIMER panel:title=Bundled OpenSearch|borderStyle=solid|borderColor=3c78b5|titleBGColor=3c78b5|bgColor=e7f4fa This issues only covers commons-text usages in the Bitbucket WebApp, not the bundled OpenSearch. To track the upgrade of OpenSearch to a version that contains an updated...
Confluence - Path traversal vulnerability - CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...
Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin
Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another libraryatlassian-authentication-plugin that has a transitive dependency of xmlsec that could be related to the vulnerability described in...
Critical severity command injection vulnerability - CVE-2022-36804
h3. Command injection vulnerability through malicious HTTP requests There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary co...
Upgrade Tomcat for CVE-2023-28708
h3. Issue Summary The version of Tomcat bundled in Bitbucket is affected by CVE-2023-28708|https://nvd.nist.gov/vuln/detail/CVE-2023-28708 as described below: quote When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to...
Bamboo: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
The version of log4j bundled with Bamboo has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
RCE jackson-databind
h3. Issue Summary https://hello.atlassian.net/wiki/spaces/SECURITY/pages/566213966/CVE-2019-17267+Investigation+jackson-databind+RCE+again h3. Steps to Reproduce search on stash for jackson-databind...
Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240
The administrative linker functionality in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the href parameter...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
h3. Issue Summary Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. h3. Environment Crowd 3.x.x OpenLDAP h3. Steps to Reproduce Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the user from OpenLDAP...
Unauthenticated listing of labels
Issue the following HTTP request: code POST /rest/tinymce/1/macro/preview HTTP/1.1 Host: wiki.domain.com Content-Length: 75 Content-Type: application/json "contentId":"0","macro":"name":"listlabels","params":"spaceKey":"TEST" code The service returns an HTML document containing a list of all labe...
Various XSS through a repository or review filename - CVE-2017-9508
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...
Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...
If user is restricted to only view the space they should not be able to create or import a calendar
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48465. panel panel:title=23 July 2019 Update|bgColor=e7f4fa Hi everyone, thank you for your interest in this ticket. After...
XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
The Edit upload resource for a review in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...
User Enumeration via /ViewUserHover.jspa - CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. Affected versions: versio...
Malicious file upload in Jira Server via anonymous sources
Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE. Files with name start...
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries: update com.atlassian.applinks: from 5.4.21 to 5.4.23 update com.atlassian.plugins: from 4.4.10 to 4.4.14 update com.atlassian.sal: from 3.1.2 to 3.1.3 update com.atlassian.streams:...
SQL Injection in Jira Software Server [Integration for HipChat]
Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin. Affected versions: versions 8.14.0 Fixed versions: 8.14.0 The plugin is no longer installed in new versions of Jira. However, the removal of the plugi...
DLL hijacking in Jira Server & JSD via Tomcat - CVE-2019-20419
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 Fixed versions: 8.5.5 8.7.2 8.8.0...
XSS in the ConfigurePortalPages.jspa resource - CVE-2019-3402
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the searchOwnerUserName parameter...
Bitbucket is affected by CVE-2024-22243
h3. Issue Summary Bitbucket is affected by CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243. h3. Steps to Reproduce N/A h3. Expected Results N/A h3. Actual Results N/A h3. Workaround Currently, there is no known workaround for this behaviour. A workaround will be added here when...
Template injection in Web Resources Manager - CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remo...
Activity Stream Gadget causing high memory/CPU consumption
+Problem Definition+ Activity Stream Gadget causing high memory/CPU consumption when there is 1 million+ of records in the AO563AEEACTIVITYENTITY table. In this particular case, found that majority of these records are from 3rd party plugins Insight. However, do note that this can happen to any...
Restricted Work Log entries show in the Activity Stream in JIRA Server
h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...
RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server
This High severity xalan:xalan Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This xalan:xalan Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...
The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service
The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...
Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 7.21.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
Questions For Confluence App - Hardcoded Password
i Update: This advisory has been updated since its original publication. 2022/08/01 12:00 PM PDT Pacific Time, -7 hours color:172b4dUpdated the Remediation section to note that if the disabledsystemuser account is manually deleted, the app must also be updated or uninstalled to ensure the account...
XSS through various RSS properties in the RSS macro - CVE-2017-16856
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS vulnerabilities in various rss properties which were used as links without restriction on their scheme. h5. Acknowledgements Atlassian would...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. The affected versions are...
The version of moment.js used in Jira was vulnerable to a regular expression denial of service
The version of moment.js used in in Jira before version 7.12.3, from version 7.13.0 before version 7.13.1 and before version 8.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...
Application DoS via the /rendering/wiki endpoint - CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...
SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...
Cross-site request forgery(CSRF) in the IncomingMailServers resource - CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery CSRF vulnerability...