Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2023/09/11 5:51 a.m.•24 views

QueryCompenentRenderer API returns project key

When an unauthenticated remote attacker accesses "/secure/QueryComponentRendererValue!Default.jspa?pid=10000", the project key is returned: code:java "project":"name":"Project","viewHtml":" \n \n Project:\n \n Project id=10,000 \n","editHtml":"\n","jql":"project =...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2023/06/28 12:13 p.m.•24 views

Transition screen removed when project admin edits a transition

h3. Problem The relevant transition screen gets removed when a project admin without Jira Administrator global permission attempts to edit a transition. h3. Environment Jira h3. Steps to Reproduce Create a new project I used Scrum software development template Modify one of the transitions in the...

6.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2022/12/12 12:15 p.m.•24 views

Mask Webhook secret Key

While configuring webhooks in bitbucket, we have the option to provide a secret key that is not masked, and hence the plain text secret key is visible in audit logs, kindly mask the secret key Steps to reproduce Configure webhook in Bitbucket server When the hook is created,modified we see the...

0.4AI score
Exploits0
Atlassian
Atlassian
•added 2022/02/17 5:30 a.m.•24 views

Source configuration information leakage in API response

Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/. Affected versions: 4.19.0 Fixed versions: 4.20.6...

5AI score
Exploits0
Atlassian
Atlassian
•added 2022/02/15 7:41 p.m.•24 views

Leaked admin credentials via Insight object import

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the \BaseUrl/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId= endpoint. The affected versions a...

4.4AI score
Exploits0
Atlassian
Atlassian
•added 2021/08/25 3:58 p.m.•24 views

Anonymous users can view list of installed gadgets in Confluence

h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Confluence instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit th...

0.8AI score
Exploits0
Atlassian
Atlassian
•added 2021/07/08 1:49 a.m.•24 views

An admin can downgrade or remove a group with sys admin privilege

This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...

5.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2021/06/21 11:34 a.m.•24 views

Attachments gets downloaded on Chromium based browsers even after user logs out from Confluence

h3. Issue Summary Attachments gets downloaded on Chromium based browsers even after user logs out from the page h3. Steps to Reproduce Create a new page in Confluence Attach any PDF or picture or any file in that page and then publish the page Copy the image link by right clicking on the image as...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2021/03/24 1:37 p.m.•24 views

Cross Site Scripting vulnerability allows injecting HTML code into table edits

h3. Issue Summary Cross Site Scripting vulnerability allows injecting HTML code into table edits h3. Steps to Reproduce Edit a page Then access the Insert macro 'Info' option. A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2020/11/04 7:26 a.m.•24 views

User has access to project and repository after global permission has been removed

h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...

7AI score
Exploits0
Atlassian
Atlassian
•added 2020/06/08 9:14 p.m.•24 views

REST API - Deactivate the REST API

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is active by default and there is no way to deactivate. It should have a similar option like the Enabling the Remote...

2.3AI score
Exploits0
Atlassian
Atlassian
•added 2019/09/26 4:13 p.m.•24 views

Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005

The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Fisheye & Crucible before version 4.7.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. Th...

4.3CVSS3.5AI score0.01334EPSS
Exploits0Affected Software1
Atlassian
Atlassian
•added 2017/05/05 2:23 p.m.•24 views

Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access

h3. Summary Anonymous API access are allowed on on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2017/01/19 9:29 a.m.•24 views

XSS attack possible on FishEye file history page

The File History page was vulnerable to XSS...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2017/01/18 5:46 p.m.•24 views

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

7.5AI score
Exploits0
Atlassian
Atlassian
•added 2017/01/05 2:52 p.m.•24 views

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

7.5AI score
Exploits0
Atlassian
Atlassian
•added 2016/12/12 11:54 p.m.•24 views

Permission issue when configuring Default Reviewers

Certain permissions relating to Default Reviewers could be circumvented by authenticated users...

3.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/11/02 7:29 a.m.•24 views

SECURITY: Update application-links in JIRA Server to fix APL-1327

Now that https://ecosystem.atlassian.net/browse/APL-1327 has been fixed, upgrade application-links to a version that contains a fix for it. In this case JIRA server would update application-links from version 5.2.3 to version 5.2.4...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/10/25 7:44 a.m.•24 views

XSRF Security Token Missing when clicking on Contact an administrator

h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/02/09 10:50 a.m.•24 views

XSS vulnerability found in profile settings

There was a XSS vulnerability found in profile settings pages...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/22 2:36 a.m.•24 views

Windows 4.0 prompted "Untrusted Certificate" error in Rooms

h3. Summary When accessing specific rooms with URL from an untrusted website, the error message "Untrusted Certificate" appears, prompt if you want to trust the certificate and continue. !Screen Shot 2016-01-22 at 10.28.08 AM.png|thumbnail! h3. Environment Windows h3. Actual Results The following...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/07 11:29 a.m.•24 views

Stronger algorithm used to digest instance admin password

Let's use PKCS5S2...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/07 11:26 a.m.•24 views

One Crucible admin can get access to repository password provided by another admin

It was possible to retrieve the repository passwords provided by another administrator via web browser session. It was fixed now, so password can still be changed or unset if necessary, but it is not possible to read its contents...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/09/10 1:31 a.m.•24 views

Disable Quartz Phone Home

Quartz's phone home has not yet been disabled in Crowd. http://quartz-scheduler.org/documentation/best-practices suggests setting org.terracotta.quartz.skipUpdateCheck=true as a system property to disable this check...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/07/13 8:17 a.m.•24 views

Disabled Users Receive Notification from Team Calendar

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-48834. panel h3. Summary Confluence disabled users that subscribed to a calendar still receive notifications when calendar have...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/07/08 2:41 a.m.•24 views

Stop Watching Page in email footer is broken

The link is broken, the error message says that the security token is missing...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/05/28 8:4 p.m.•24 views

Project's permission bypass JIRA global permissions

h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/05/13 11:2 p.m.•24 views

Space permissions ignored in list of blog posts by date

h3. Summary Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. h3. Steps to Reproduce Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9AI score
Exploits0
Atlassian
Atlassian
•added 2015/04/08 10:58 a.m.•24 views

Update Java version bundled in the installer

The version of Java bundled with Confluence is 1.7.015 which is a little bit dated February 2013. We should bundle the latest version of Java 7 to ship the latest bug fixes and security patches. Updating the version of Java will also solve CONF-31688...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/02/27 1:46 p.m.•24 views

Restrictions not applied for inline comments in attachments

When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. h3. Workaround for 5.7 There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...

4.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/01/14 11:25 a.m.•24 views

Disable SSLv3 in outgoing HTTPS connections from Confluence

SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999 and java 6 supports and uses it as the default client version in TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/01/06 2:10 a.m.•24 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0
Atlassian
Atlassian
•added 2014/12/18 3:30 a.m.•24 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/12/16 12:6 a.m.•24 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to be able to access the Crucible web interface. All versions of Crucible up to and including 3.6.1...

3AI score
Exploits0
Atlassian
Atlassian
•added 2014/10/24 7:13 p.m.•24 views

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2014/10/20 8:42 p.m.•24 views

XSS in page editor via Shortcut links

Steps to reproduce: 1. add new shortcuts with default alias like "". 2. by typing searchterms@aliasname in page editor you can trigger XSS By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/10/15 3:39 p.m.•24 views

Activity stream on JAC contains updates from another user

Jira prompted me to change my time zone, and brought me to a profile that seems to be for a completely different user who happens to share my first name and last initial. See attached screen shot. Going directly to https://secretlocation.atlassian.net/secure/ViewProfile.jspa shows me the proper...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/10/14 5:42 p.m.•24 views

Adding Subscription Cal by URL stores user password unencrypted

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48402. panel I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really ...

1.2AI score
Exploits0
Atlassian
Atlassian
•added 2014/09/11 5:28 p.m.•24 views

Add global option "Enable group <anyone>"

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-39912. panel As mentioned in JRA-18076 and JRA-23255, the predefined group anyone poses security risks in many cases as it exposes projects t...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/27 7:3 a.m.•24 views

Seemingly malformed PNG file will cause JIRA to OOM within seconds

.atlassian.net was chain-OOM-ing earlier today. jworley was able to narrow it down to an image attachment on a particular issue. It's only a 300KB PNG file a screenshot from an Android device but it causes JIRA to OOM almost immediately. I've been able to replicate that behaviour on my jira-dev...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/16 3:56 p.m.•24 views

Disabled user are still able to request for password reset email.

h3. Step to Reproduce: Disable a user test in Crowd administration console make sure that there is no duplicate user Request password reset for the disabled user test h3. Expected result No mail will be sent to disabled account. h3. Observerd Result. The disabled user still receive the password...

0.9AI score
Exploits0
Atlassian
Atlassian
•added 2014/05/01 11:6 a.m.•24 views

Restrictions do not apply in calendar macro

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-49762. panel Team Calendar restrictions do not apply if the calendar is in a Calendar Macro withing a Confluence page. +Repro...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/04/30 3:13 p.m.•24 views

Jira outputs a stack trace to the screen when an error is encountered

panel h3. Problem When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To have ...

6.5AI score
Exploits0
Atlassian
Atlassian
•added 2014/04/30 3:13 p.m.•24 views

Jira outputs a stack trace to the screen when an error is encountered

When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/02/13 11:39 p.m.•24 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answeri...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/01/09 12:39 a.m.•24 views

XSS in the view parameter of several actions

The following XSS issues were detected by a customer. /changelog?max=30&view=cru%22;alert4015891;//%22&@asv=cru /project/CR?max=30&projectKey=CR&view=all";alert3166631;//"&@asv=all /user/c30626?max=30&name=c30626&view=all";alert1287220;//"&@asv=all...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/12/23 2:57 p.m.•24 views

Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured

The new feature to enable XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. Steps to reproduced Configure Bamboo to use modproxy as detailed here:...

7.1AI score
Exploits0
Atlassian
Atlassian
•added 2013/12/11 7:33 p.m.•24 views

Secure Mail Archive with Space Permissions

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31945. panel Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visibl...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/12/05 9:38 a.m.•24 views

XSS vulnerability in 'Share a link' blueprint

Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" =The script will be executed...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/10/29 6:54 a.m.•24 views

UploadAction.execute vulnerable to CSRF

Sub-issue from CONF-27960. UploadAction.execute upload.action does not have CSRF protection...

2.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295