4295 matches found
DoS (Denial of Service) axios Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0-rc3, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
RCE (Remote Code Execution) at mchange-commons-java dependency in Crucible Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:Hcode allows an...
Missing XML Validation vulnerability in Apache Struts Dependency in Bamboo Data Center
This High severity Missing XML Validation vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0 and 10.2.0 of Bamboo Data Center. This Missing XML Validation vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an plugin vendor ...
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2025-48976 was introduced in versions 7.19 of Confluence Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2024-57699 was introduced in versions 5.12.29, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center and...
Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-22235
This High severity vulnerability known as CVE-2025-22235 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15, 8.19.16, 8.19.17, 8.19.18, 8.19.19, 8.19.20, 8.19.21, 8.19.23, 8.19.24 of Bitbucket Data...
com.hazelcast:hazelcast Dependency in Confluence Data Center and Server
This High severity com.hazelcast:hazelcast Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This com.hazelcast:hazelcast Dependency vulnerability, with a CVSS Score of 7.6 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L allows an...
com.amazonaws:aws-java-sdk-s3 Dependency in Bamboo Data Center and Server
This High severity com.amazonaws:aws-java-sdk-s3 Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, and 9.2.1 of Bamboo Data Center and Server. This com.amazonaws:aws-java-sdk-s3 Dependency vulnerability, with a CVSS Score of 7.9 and a CVSS Vector of...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bitbucket Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Crowd Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, 5.3.0, and 6.0.0 of Crowd Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Confluence's create-content operation takes up to 20 minutes to completely render the Create dialog
h3. Issue Summary Confluence's create-content operation clicking the "..." button next to the Create button at the top left results in a create-dialog window that can take up to 20 minutes to fully render. This is reproducible on Data Center: yes h3. Steps to Reproduce On an affected version of...
Merge Conflicts PRs in Confluence-Distribution
Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...
Private key is logged at DEBUG level when accidentally entered into SSH page
When a user uploads their public SSH key, Bitbucket will log the submitted data at DEBUG level if the key is invalid. Unfortunately, if a user mistakenly uploads their private key, this will be logged: noformat username SECO1Qx158x13421x0 3omfyq 123.45.67.89,12.34.56.78 "POST...
Anonymous users can view list of installed gadgets in Jira
h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Jira instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit this URL...
Attachment name, in questions/answers, is searchable despite not having Permissions for Questions
h4. Summary The questions plugin allows administrators to restrict its usage to groups/users, similar to Confluence Permissions. Attachments uploaded to these questions/answers can be found by users that do not have Questions Permission. However, while the attachment can be searched and its title...
Attachments gets downloaded on Chromium based browsers even after user logs out from Confluence
h3. Issue Summary Attachments gets downloaded on Chromium based browsers even after user logs out from the page h3. Steps to Reproduce Create a new page in Confluence Attach any PDF or picture or any file in that page and then publish the page Copy the image link by right clicking on the image as...
XSS via parameter pollution
Jira Service Management Server and Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability caused by parameter pollution. Affected versions: version 4.5.13 4.13.0 ≤ version 4.13.5 4.15.0 ≤ version 4.15.1 Fixed versions: 4.5.13 4.13.5...
XSS via parameter pollution
Jira Service Management Server and Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability caused by parameter pollution. Affected versions: version 4.5.13 4.13.0 ≤ version 4.13.5 4.15.0 ≤ version 4.15.1 Fixed versions: 4.5.13 4.13.5...
Adding an extra forward slash '/' in the download attachment URL results in a stack trace.
h3. Issue Summary Adding an extra forward slash '/' in the download attachment URL results in a stack trace. h3. Steps to Reproduce Append an extra slash to a download attachment URL, similar to this: code:java http://:///download/attachments code h3. Expected Results A 'page not found', 404 or...
Security improvements to the Velocity Uberspector
This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution RCE and Injection attacks. The versions which do not have this improvement are before version 8.12.3...
Comment button visible to users without permission on boards
h3. Issue Summary When a project's permissions are set to allow viewing by any logged in user, but commenting is limited to specific project roles, if a user attempts to comment from a board, the button is available to them and they see the following error message: panel:bgColor=eeeeee...
The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026
The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in...
Users that are not logged into Jira can navigate to crafted URL's and inject messages onto the page
h3. Issue Summary Non-authenticated users can navigate to crafted URL's in Jira and inject messages onto the page. h3. Steps to Reproduce Navigate to a URL such as localhost:8080/jira/secure/VoteOrWatchIssue.jspa Add some additional text behind the URL such as...
Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. h5. Acknowledgements Credit for finding...
General user Agent Status page reveals also details of builds for users that do not have View permission
h3. Issue Summary h3. Environment This issue is approved to happen for Bamboo version 6.9.1, likely it happens for all Bamboo versions. h3. Steps to Reproduce Define a non-Admin user a Bamboo admin already should exist via installation Provide global, project and plan permissions to this user,...
Upgrade to version 3.2.2 of apache commons-collections
h3. Summary Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories: code:java...
SSRF via REST API /plugins/servlet/gadgets/makeRequest
Confluence installations have permissive whitelist that allows to fetch any URL using confluence like as the proxy. Use GET request GET /plugins/servlet/gadgets/makeRequest?url= Example: to get Yandex start page or any resource you want. code:java GET...
XSS in User Macros, Macro Title and Icon URL
h2. Summary System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in Macro Editor. The script input in the fields can be executed when user open "Macro" selection window. h2. How to reproduce Go to "Edit User Macro" as Confluence Administrator. !Screen Shot 2018-06-14 at...
The bundled version of atlassian-rest had a weakness in its Cross-site request forgery protection
The bundled version of atlassian-rest in Atlassian Crowd before version 2.8.4 and from version 2.9.0 before version 2.9.1 was vulnerable to a Cross-site request forgery CSRF vulnerability in certain browsers, for example chrome, due to an assumption that non-simple content-types could not be sent...
XSS in various resources in the issuesURL parameter - CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the issuesURL parameter...
HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header
When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions. code:java 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...
Upgrade Tomcat to the latest available version 8.5.12
Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat8.5.9. Customer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat...
Restricted Work Log entries show in the Activity Stream for JIRA Cloud
h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
change fontset 'icons' to html entities to improve security compliance
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-38988. panel It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...
Username enumeration through the username parameter to the ViewUserHover resource.
It is possible to enumerate usernames through the secure/ViewUserHover resource through the username parameter. JIRA leaks the existence of a username by showing your entire name. 1. Log out of JIRA 2. Go to...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-38125. panel h3. Problem Definition As a Confluence Administrator, I would like to configure the 'Attachment Download Security...
CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI
In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image Windows Server 2012 R2 AMI contain a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access it was permitted to login through SSH on instances using the affected AMI. In the event that a...
Bundled Java Version Security Patches
At the moment, the bundled JAVA is version 1.7.015. The recent JAVA version is 1.7.72, which has many security patches http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html. Does the security vulnerabilities on bundled JAVA JRE something that we should be concerned about?...
Project avatar resource vulnerable to XSRF
The project avatar resource accepts content type of MULTIPARTFORMDATA so a malicious attacker could use javascript to submit a form from a foreign host to a stash server and trick the user into changing the project avatar in Stash. cc David Black Atlassian - is there any reason why panopticon fou...
Request access to this page. userFullName can be modified.
Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...
XSS vulnerability in spacedirectory
Good morning, I wanted to tell you to run vulnerability tests confluence, thrown the same XSS vulnerabilities. Version tested: 5.4.4 What steps should I follow to fix their vulnerabilities? Or vulnerabilities will be resolved for you? I attached the vulnerabilities: 1 GET...
Content injection caused by failing to encode the url
The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...
REST API allows to get worklog from issue without access rights to that issue
On JIRA OnDemand v6.3-OD-08-005-WN also here! it's possible to get worklog by it's ID even if this worklog does not belong to issue passed in API url. Example: On our OnDemand instance I have access rights to . When I add worklog to this issue via REST API, I get its id . Now, when I call GET...
Remote DoS Exploit on Confluence
Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...
Define the security for which plugins can be used by which users on which pages
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-34095. panel This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...
Persistent Cross Site Scripting Flaw in User Profiles
A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the Atlassian ID system to contain an XSS vector which executes when inserted as a link, and clicked on by the victim. 1. Visit https://id.atlassian.com/profile/ 2. Update your Homepage...
Direct Object Reference - User Information Disclosure
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious...
Applink configuration data is exposed anonymously
If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs and URLs of the applinks configured on the instance. e.g. an anonymous request to https://jira.atlassian.com/rest/issueLinkAppLink/1/appLink/info returns code:javascript...
Users getting "XSRF Security Token Missing" when Creating Issues
When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...