4295 matches found
Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...
XSS in the ConfigurePortalPages.jspa resource - CVE-2019-3402
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the searchOwnerUserName parameter...
Upgrade Tomcat to fix CVE-2023-28709
h3. Issue summary Apache Tomcat should be upgraded to 8.5.88 and 9.0.74 or a later version to fix CVE-2023-28709|https://nvd.nist.gov/vuln/detail/CVE-2023-28709 h3. Environment Bamboo 8, 9 h3. Steps to Reproduce Check the Apache Tomcat version on pom.xml or /bin/version.sh/bat h3. Expected Result...
DoS (Denial of Service) in Crowd Data Center and Crowd Server - CVE-2022-29885
h2. Summary of Vulnerability This critical severity DoS Denial of Service vulnerability known as CVE-2022-29885 was introduced in version 4.0.0 of Crowd Data Center and Crowd Server. h2. Affected Versions ||Product||Affected Versions|| |Crowd Data Center Crowd Server|- 4.0.0 - 5.0.0| h2. Fixed...
jQuery 2.2.4 is vulnerable to prototype pollution
Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug CVE-2019-11358, https://nvd.nist.gov/vuln/detail/CVE-2019-11358 which is only fixed in jQuery 3.4.0...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...
REST API - Improved HTTP Authentication
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...
Turning off audit logging does not result in any logs
h4. Steps to reproduce Enable Bamboo Audit Logging Make a change to confirm Audit Logging is turned on. Disable audit logging h4. Expected Behaviour An Audit log telling who and when turned off audit logging. h4. Observed Behaviour No Audit logs or any other log showing this change. h3. Workaroun...
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
Template injection in Web Resources Manager - CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remo...
Limited Remote File Read in Jira Software Server - CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...
CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]
Atlassian Confluence Server and Data Center is not affected by CVE-2019-0230 Apache Struts Potential Remote Code Execution Vulnerability...
User enumeration through the groupuserpicker api resource - CVE-2019-8449
h3. Issue summary The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. h3. Workaround If upgrading Jira to 8.4.0 is not an option for now, then a temporary workaround consists in...
XSS in DWR
Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example...
XStream upgrade to 1.4.17
h3. Problem XStream is vulnerable to security exploits including CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html. This ticket tracks it's upgrade to 1.4.17 panel:title=Atlassian Update - July 2021|borderStyle=solid|borderColor=6554c0|titleBGColor=6554c0|bgColor=eae6ff We have upgrade...
Jira - CVE-2024-22243
h3. Issue Summary We have several Customers waiting for a response about the vulnerability CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243, if it affects Atlassian products, in particular, Jira Data Center. h3. Steps to Reproduce Run Generic Security Scan Tool h3. Expected Results...
Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)
h3. DISCLAIMER panel:title=Bundled OpenSearch|borderStyle=solid|borderColor=3c78b5|titleBGColor=3c78b5|bgColor=e7f4fa This issues only covers commons-text usages in the Bitbucket WebApp, not the bundled OpenSearch. To track the upgrade of OpenSearch to a version that contains an updated...
Struts 2 CVE-2019-0230 and CVE-2019-0233 impact on Confluence
h3. Issue Summary Recently, Apache released the following report regarding two different vulnerabilities in Struts 2: |https://struts.apache.org/announce.htmla20200813 Is Confluence affected by these CVEs? h3. Steps to Reproduce Not applicable. h3. Expected Results Not applicable h3. Actual Resul...
Enabling the XSRF in Bamboo cause the integration with JIRA 6.1.5 to break
Steps to reproduce: install JIRA 6.1.5 install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via Bamboo Admin Security Security Settings integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application in the JIRA UI, it will shows that JIRA can't conne...
Confluence - Path traversal vulnerability - CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...
Cross-site request forgery(CSRF) in the IncomingMailServers resource - CVE-2017-16862
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery CSRF vulnerability...
Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin
Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another libraryatlassian-authentication-plugin that has a transitive dependency of xmlsec that could be related to the vulnerability described in...
Critical severity command injection vulnerability - CVE-2022-36804
h3. Command injection vulnerability through malicious HTTP requests There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary co...
Upgrade Tomcat for CVE-2023-28708
h3. Issue Summary The version of Tomcat bundled in Bitbucket is affected by CVE-2023-28708|https://nvd.nist.gov/vuln/detail/CVE-2023-28708 as described below: quote When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to...
DLL hijacking in Jira Server & JSD via Tomcat - CVE-2019-20419
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 Fixed versions: 8.5.5 8.7.2 8.8.0...
RCE jackson-databind
h3. Issue Summary https://hello.atlassian.net/wiki/spaces/SECURITY/pages/566213966/CVE-2019-17267+Investigation+jackson-databind+RCE+again h3. Steps to Reproduce search on stash for jackson-databind...
Bamboo: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
The version of log4j bundled with Bamboo has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240
The administrative linker functionality in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the href parameter...
Unauthenticated listing of labels
Issue the following HTTP request: code POST /rest/tinymce/1/macro/preview HTTP/1.1 Host: wiki.domain.com Content-Length: 75 Content-Type: application/json "contentId":"0","macro":"name":"listlabels","params":"spaceKey":"TEST" code The service returns an HTML document containing a list of all labe...
DoS in avatar upload via crafted PNG file - CVE-2019-20897
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. Affected versions version 8.5.4 8.6.0 ≤ version ≤ 8.7.0 8.7.0 ≤ version 8.7.1 Fixed versions 8.5.4 8.7.1 8.8.0...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
h3. Issue Summary Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. h3. Environment Crowd 3.x.x OpenLDAP h3. Steps to Reproduce Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the user from OpenLDAP...
Various XSS through a repository or review filename - CVE-2017-9508
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...
If user is restricted to only view the space they should not be able to create or import a calendar
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48465. panel panel:title=23 July 2019 Update|bgColor=e7f4fa Hi everyone, thank you for your interest in this ticket. After...
Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug...
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries: update com.atlassian.applinks: from 5.4.21 to 5.4.23 update com.atlassian.plugins: from 4.4.10 to 4.4.14 update com.atlassian.sal: from 3.1.2 to 3.1.3 update com.atlassian.streams:...
SQL Injection in Jira Software Server [Integration for HipChat]
Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin. Affected versions: versions 8.14.0 Fixed versions: 8.14.0 The plugin is no longer installed in new versions of Jira. However, the removal of the plugi...
XSS in edit upload for a review through the wbuser parameter - CVE-2018-20241
The Edit upload resource for a review in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the wbuser parameter...
Malicious file upload in Jira Server via anonymous sources
Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE. Files with name start...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
XSS through various RSS properties in the RSS macro - CVE-2017-16856
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS vulnerabilities in various rss properties which were used as links without restriction on their scheme. h5. Acknowledgements Atlassian would...
Activity Stream Gadget causing high memory/CPU consumption
+Problem Definition+ Activity Stream Gadget causing high memory/CPU consumption when there is 1 million+ of records in the AO563AEEACTIVITYENTITY table. In this particular case, found that majority of these records are from 3rd party plugins Insight. However, do note that this can happen to any...
Upgrade bundled Tomcat to 6.0.37
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29345. panel Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version...
Bitbucket is affected by CVE-2024-22243
h3. Issue Summary Bitbucket is affected by CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243. h3. Steps to Reproduce N/A h3. Expected Results N/A h3. Actual Results N/A h3. Workaround Currently, there is no known workaround for this behaviour. A workaround will be added here when...
Authorisation bypass in the ViewUpgrades resource - CVE-2019-8443
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to...
Restricted Work Log entries show in the Activity Stream in JIRA Server
h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...
RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server
This High severity xalan:xalan Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This xalan:xalan Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...