Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2013/09/11 7:3 a.m.•25 views

Arbitrary file creation in AbstractRendererExporterImpl

To reproduce: 1. Create a new space. 2. Create a new page. 3. Attach a file called test.txt to the page. 3. Edit the page, and add an image with the URL: code /confluence/s/download/attachments/pageid//../../../../../../../../../../../../tmp/test.txt code \pageid\ must be replaced with the actual...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/02 7:10 a.m.•25 views

'self' xss reported in a question's moderate

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/08/09 4:40 a.m.•25 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2013/07/16 4:47 p.m.•25 views

XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/07/05 5:19 a.m.•25 views

Webwork 2 code injection vulnerability

We have discovered a vulnerability in WebWork 2, which is a part of the Struts web framework. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. In case of Bamboo, the attacker needs to be able to access Bambo...

1.7AI score
Exploits0
Atlassian
Atlassian
•added 2013/07/01 4:53 a.m.•25 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0
Atlassian
Atlassian
•added 2013/06/24 5:18 p.m.•25 views

JSON-RPC API functions available anonymously even though anonymous API access is disabled.

The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled check box not checked in admin control panel. This is an issue when it comes to confluence sites that have sensitive user or group information...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/06/20 8:12 a.m.•25 views

Allow cookie-less instance for security reasons

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/03/19 12:53 a.m.•25 views

XSS in /secure/admin/TempoServicesAccess.jspa

allowedIPAccresses is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link without a token. noformat...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/03/12 11:37 p.m.•25 views

Security enhancement: do not allow POST parameters to be used in GETs

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-32076. panel My company's security team ran a vulnerability scan against our JIRA and found this issue. They advised me to bring it to your...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/01/08 12:24 p.m.•25 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /atlassian-jira/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/01/02 4:17 a.m.•25 views

Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource

The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2012/10/10 1:10 a.m.•25 views

Reflected XSS in Create Issue Details page

The Create Issue Detail page is vulnerable to reflected XSS. 1. Login to https://$JIRA/ 2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="alert'XSS'alert'XSS'p+name%3D"&pid=10000&issuetype=2...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/10/04 2:46 a.m.•25 views

SQL injection in DefaultReferralManager

In confluence-core/confluence/src/java/com/atlassian/confluence/links/DefaultReferralManager.java the DefaultReferralManager class the deleteReferrersWithPrefix method is vulnerable to sql injection through the user controlled 'prefix' parameter. It is possible to exploit this issue as an Admin...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/10/04 12:4 a.m.•25 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/28 3:56 a.m.•25 views

Persistent XSS in the removepage.action page through the title of the parent page being deleted

The parent title of a confluence page is not html encoded when displayed in removepage.action this results in a persistent XSS vector. Steps to reproduce: 1. Add a page with a title of "" alert3; 2. from the Add menu select "Add page" so it is a child of the first page 3. save the new page child ...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/27 1:56 a.m.•25 views

Potential remote code execution due to embedding of old django-piston

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46819. panel The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of...

2.4AI score
Exploits0
Atlassian
Atlassian
•added 2012/07/03 7:8 a.m.•25 views

XSS vulnerability in Office Connector plugin

From: OFFCONN-81: Using "office excel"-macro as part of viewfile, which is part of office connector plugin seems to open up the possibility to get injected with XSS-code. Steps to reproduce: 1. Create an excel-file with following content in one cell: code '"alert'XSS' code 2. Attach this file to ...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2012/05/07 6:55 a.m.•25 views

The "user" Dark Features page is vulnerable to XSRF/csrf

The "User Dark Features" page located at $host/secure/ViewProfile.jspa?selectedTab=jira.user.profile.panels:up-darkfeatures-panel allows users to add dark features which only affect themselves. However, it is not protected against XSRF attacks. Note: the 'value' of dark features is not properly...

1.3AI score
Exploits0
Atlassian
Atlassian
•added 2012/05/06 11:36 p.m.•25 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/04/19 1:27 a.m.•25 views

admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.

admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and or javascript into a confluence instance through a csrf attack on an admin user...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/03/26 4:53 a.m.•25 views

Bamboo XML Vulnerability

We have identified and fixed a vulnerability in Bamboo that results from the way third-party XML parsers are used in Bamboo. This vulnerability allows an attacker to: Execute denial of service attacks against the Bamboo server, and Read all local files readable to the system user under which Bamb...

3.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/01/08 11:39 p.m.•25 views

Provide an abstract Seraph authenticator for SSO authenticators to subclass that reduces the plumbing code required to interact with Embedded Crowd

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-24358. panel This is currently the most comprehensive version I have so far compiled of the code a custom SSO authenticator for...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/08/25 3:13 p.m.•25 views

Better error message when viewing an embedded calendar as an unprivileged user

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-51101. panel On our site's dashboard I have a calendar macro defined as:...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/08/09 7:49 a.m.•25 views

Members of confluence-administrators group can browse to restricted pages

Expected behaviour is that a Confluence admin can view a page restricted to others by hitting the URL directly to help resolve any permission issues. In 3.5.x the admins can also browse to these pages via Browse Pages...

3.7AI score
Exploits0
Atlassian
Atlassian
•added 2011/05/30 7:4 p.m.•25 views

Cross-Site Request Forgery

Cross-Site Request Forgery Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to Cross-Site Request Forgery attacks within this URL: /jira/plugins/servlet/streamscomments This vulnerability enables...

7.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/03/14 5:44 a.m.•25 views

XSRF token broken when you edit an Issue Type Scheme

If you click the Edit link beside the currently selected Issue Type Scheme on a Project Summary page and then click Save on the next screen you get an XSRF token missing error...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2010/09/23 1:6 a.m.•25 views

XSS vulnerability in space key, particularly with decorators off

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-20865. panel As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/27 4:58 a.m.•25 views

XSS in page renderer

An XSS vulnerability has been identified in the page renderer. This issue provides a fix for this problem. The severity of this issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues as well as more information on how we rate issues...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/27 1:3 a.m.•25 views

Put a new security log into JIRA so that important events can be specifically logged

The idea is to have a specific atlassian-jira-security.log that contains important events such as user logged in, logged out, session created and so on. This would allow for more specific information about how is logged into JIRA and when. This has been mooted for a while and is now being done in...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 1:19 a.m.•25 views

Mail support request accepts any e-mail address

The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 12:36 a.m.•25 views

XSS Bookmark vulnerabilities

The Add bookmark page is vulnerable to XSS attacks...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/18 1:44 a.m.•25 views

The current CAPTCHA implementation may not be secure

The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/08 8:10 p.m.•25 views

Signing in with username with different case creates new user

We currently utilize LDAP for our user repository and allow users to be automatically added to crucible if they can successfully authenticate. We have recently received complaints from users that their names were showing up two times in reviews. After some analysis we saw that there were 2...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/03/16 5:57 a.m.•25 views

xss vulnerability in issuelinksmall.jsp

Thanks to NASA / JPL for discovering this: Cross-Site Scripting XSS related to http://oursite/jira/includes/snippets/issuelinksmall.jsp?%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E=has...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/01/20 6:41 p.m.•25 views

autocomplete box in page restrictions finds deleted users, wrong usernames

We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...

0.7AI score
Exploits0
Atlassian
Atlassian
•added 2009/10/21 1:33 a.m.•25 views

Confluence users should inherit permissions from the anonymous user

This has been derived from CONF-4955|http://jira.atlassian.com/browse/CONF-4955. The above seems to have been fixed for registered groups only, not individual users who do not belong to any groups in Confluence, but have "Can Use" permission. If a user is a member of a specific group, the anonymo...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/10/09 1:2 a.m.•25 views

Links from indexbrowser.jsp are vulnerable to XSS attacks

CONF-16888 has introduced or re-introduced an XSS vulnerability. To reproduce: Create a new user, and for the Full Name use: noformatalert'Vulnerable'noformat Go to ../admin/indexbrowser.jsp and find the entry Click on the entry, and the script is executed. This also happens for other content typ...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2009/10/09 1:2 a.m.•25 views

Links from indexbrowser.jsp are vulnerable to XSS attacks

CONF-16888 has introduced or re-introduced an XSS vulnerability. To reproduce: Create a new user, and for the Full Name use: noformatalert'Vulnerable'noformat Go to ../admin/indexbrowser.jsp and find the entry Click on the entry, and the script is executed. This also happens for other content typ...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/06/18 1:45 p.m.•25 views

Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0

Confluence allows its users to specify a "Profile Picture," an image that appears on many pages related to the user. A user can either upload a custom image, or select one from a set provided by Confluence. Confluence uses the /users/doeditmyprofilepicture.action path to process requests to chang...

7.2AI score
Exploits0
Atlassian
Atlassian
•added 2009/05/26 1:29 a.m.•25 views

XSS in concurrent edit notification

If a page is being editted by noformat alert'hacked' noformat and another user edits it at the same time, they are vulnerable to a potential XSS attack...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/05/07 2:13 a.m.•25 views

The i18n in velocity templates does not auto html encode parameters

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-15548. panel All the getText methods on com.atlassian.confluence.util.i18n.DefaultI18NBean are anontated as HtmlSafe which means...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/04 3:15 p.m.•25 views

Email notifications for jiraissues macro reflect page owner permissions rather than permissions of notified user...

When a notification is sent out for a page that includes the \jiraissues\ macro, the list of issues is based on the page owner's permissions rather than the notified user's permissions. Here are the steps to reproduce: Set up the trust relationship between your JIRA and Confluence installs Create...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/11/13 3:49 a.m.•25 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/09/15 4:14 p.m.•25 views

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/09/15 3:57 p.m.•25 views

Privilege escalation: User is able to add a page to his watchlist without having the permission

Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...

7AI score
Exploits0
Atlassian
Atlassian
•added 2008/08/29 6:36 p.m.•25 views

Pages that inherit page restrictions are not respecting those restrictions after upgrade to Confluence 2.9

Tested and verified in both customer enviornment and in test enviornment. In the event that you have a parent page restriction and a child page that inherits that restriction, upon upgrade, 2.9 will only respect the explicit parent permission in terms of security trims and actual access but not...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/04/30 9:27 a.m.•25 views

Manage Watchers shows users with no permission

We have just upgraded to Jira 3.12.2 and like the new functionality when adding watchers to an issue. There is one problem with this though. It is showing all users, including users with no permissions. This means that all employees that stopped working here will show in the drop down. We do not...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/04/15 12:31 a.m.•25 views

Users can move attachments to a space they have no permission for

Any user with permission to edit pages in a space can move attachments in that space to any page in Confluence. Eg: suppose we have a user named StandardUser who has permission to edit pages in GeneralSpace, but no permission to view or edit RestrictedSpace, which contains a page predictably name...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/03/11 5:24 a.m.•25 views

XSS vulnerabilities in create/edit/copy page and blogpost actions

The following create/edit page URL's are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId The following create/edit blogpost URL's are vulnerable: -...

1.8AI score
Exploits0
Total number of security vulnerabilities4295