Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2016/02/09 10:50 a.m.•24 views

XSS vulnerability found in profile settings

There was a XSS vulnerability found in profile settings pages...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/22 2:36 a.m.•24 views

Windows 4.0 prompted "Untrusted Certificate" error in Rooms

h3. Summary When accessing specific rooms with URL from an untrusted website, the error message "Untrusted Certificate" appears, prompt if you want to trust the certificate and continue. !Screen Shot 2016-01-22 at 10.28.08 AM.png|thumbnail! h3. Environment Windows h3. Actual Results The following...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/07 11:29 a.m.•24 views

Stronger algorithm used to digest instance admin password

Let's use PKCS5S2...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2016/01/07 11:26 a.m.•24 views

One Crucible admin can get access to repository password provided by another admin

It was possible to retrieve the repository passwords provided by another administrator via web browser session. It was fixed now, so password can still be changed or unset if necessary, but it is not possible to read its contents...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/09/10 1:31 a.m.•24 views

Disable Quartz Phone Home

Quartz's phone home has not yet been disabled in Crowd. http://quartz-scheduler.org/documentation/best-practices suggests setting org.terracotta.quartz.skipUpdateCheck=true as a system property to disable this check...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/07/13 8:17 a.m.•24 views

Disabled Users Receive Notification from Team Calendar

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-48834. panel h3. Summary Confluence disabled users that subscribed to a calendar still receive notifications when calendar have...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/07/08 2:41 a.m.•24 views

Stop Watching Page in email footer is broken

The link is broken, the error message says that the security token is missing...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/05/28 8:4 p.m.•24 views

Project's permission bypass JIRA global permissions

h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/05/13 11:2 p.m.•24 views

Space permissions ignored in list of blog posts by date

h3. Summary Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. h3. Steps to Reproduce Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9AI score
Exploits0
Atlassian
Atlassian
•added 2015/04/08 10:58 a.m.•24 views

Update Java version bundled in the installer

The version of Java bundled with Confluence is 1.7.015 which is a little bit dated February 2013. We should bundle the latest version of Java 7 to ship the latest bug fixes and security patches. Updating the version of Java will also solve CONF-31688...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/02/27 1:46 p.m.•24 views

Restrictions not applied for inline comments in attachments

When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. h3. Workaround for 5.7 There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...

4.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/01/14 11:25 a.m.•24 views

Disable SSLv3 in outgoing HTTPS connections from Confluence

SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999 and java 6 supports and uses it as the default client version in TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2015/01/06 2:10 a.m.•24 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0
Atlassian
Atlassian
•added 2014/12/18 3:30 a.m.•24 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/12/16 12:6 a.m.•24 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to be able to access the Crucible web interface. All versions of Crucible up to and including 3.6.1...

3AI score
Exploits0
Atlassian
Atlassian
•added 2014/10/24 7:13 p.m.•24 views

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2014/10/20 8:42 p.m.•24 views

XSS in page editor via Shortcut links

Steps to reproduce: 1. add new shortcuts with default alias like "". 2. by typing searchterms@aliasname in page editor you can trigger XSS By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/10/15 3:39 p.m.•24 views

Activity stream on JAC contains updates from another user

Jira prompted me to change my time zone, and brought me to a profile that seems to be for a completely different user who happens to share my first name and last initial. See attached screen shot. Going directly to https://secretlocation.atlassian.net/secure/ViewProfile.jspa shows me the proper...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/10/14 5:42 p.m.•24 views

Adding Subscription Cal by URL stores user password unencrypted

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48402. panel I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really ...

1.2AI score
Exploits0
Atlassian
Atlassian
•added 2014/09/11 5:28 p.m.•24 views

Add global option "Enable group <anyone>"

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-39912. panel As mentioned in JRA-18076 and JRA-23255, the predefined group anyone poses security risks in many cases as it exposes projects t...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/07/28 4:26 a.m.•24 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/27 7:3 a.m.•24 views

Seemingly malformed PNG file will cause JIRA to OOM within seconds

.atlassian.net was chain-OOM-ing earlier today. jworley was able to narrow it down to an image attachment on a particular issue. It's only a 300KB PNG file a screenshot from an Android device but it causes JIRA to OOM almost immediately. I've been able to replicate that behaviour on my jira-dev...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/24 5:47 a.m.•24 views

Remote DoS Exploit on JIRA

An attacker is able to perform the billion laughs attack on a default JIRA installation including OnDemand installations. This attack can be executed without authentication and leads to the complete use of resources on the victim machine causing the server to crash or hang. It is possible due to...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/06/03 6:36 p.m.•24 views

Stash uses plain text passwords in the database for the Crowd User Directory

I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/05/01 11:6 a.m.•24 views

Restrictions do not apply in calendar macro

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-49762. panel Team Calendar restrictions do not apply if the calendar is in a Calendar Macro withing a Confluence page. +Repro...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/04/30 3:13 p.m.•24 views

Jira outputs a stack trace to the screen when an error is encountered

When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/04/30 3:13 p.m.•24 views

Jira outputs a stack trace to the screen when an error is encountered

panel h3. Problem When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To have ...

6.5AI score
Exploits0
Atlassian
Atlassian
•added 2014/02/13 11:39 p.m.•24 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answeri...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2014/01/09 12:39 a.m.•24 views

XSS in the view parameter of several actions

The following XSS issues were detected by a customer. /changelog?max=30&view=cru%22;alert4015891;//%22&@asv=cru /project/CR?max=30&projectKey=CR&view=all";alert3166631;//"&@asv=all /user/c30626?max=30&name=c30626&view=all";alert1287220;//"&@asv=all...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/12/23 2:57 p.m.•24 views

Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured

The new feature to enable XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. Steps to reproduced Configure Bamboo to use modproxy as detailed here:...

7.1AI score
Exploits0
Atlassian
Atlassian
•added 2013/12/05 9:38 a.m.•24 views

XSS vulnerability in 'Share a link' blueprint

Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" =The script will be executed...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/10/29 6:54 a.m.•24 views

UploadAction.execute vulnerable to CSRF

Sub-issue from CONF-27960. UploadAction.execute upload.action does not have CSRF protection...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/10/21 3:42 a.m.•24 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/10/01 9:22 a.m.•24 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/10/01 9:6 a.m.•24 views

Persistent cross-site scripting (XSS) via DailyMotionRenderer

A number of renderer classes used by the widget macro were previously identified that contained URL validation flaws leading to persistent cross-site scripting XSS vulnerabilities. The modified classes now make use of the isUrlMatch method from the WidgetConnectorUtil class in the implementation ...

6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/20 4:57 p.m.•24 views

Unauthenticated access to private information via tinymce plugin

It is possible for unauthenticated users to retrieve information from a Confluence instance, including tables of contents and change histories for private pages, and lists of all attachments in a space, by making calls to the preview function of the macro REST API in the confluence-tinymce-plugin...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/09/16 11:11 a.m.•24 views

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

1.1AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/16 6:17 a.m.•24 views

Resource file path traversal in IconDownloadResourceManager

To reproduce: 1. Create a new page title doesn't matter. 2. Insert an image with URL: code:none /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties code with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2013/09/04 12:24 a.m.•24 views

XSS vulnerability in the Office Powerpoint macro (Office Connector)

To reproduce: 1. Attach a ".ppt" file to the page. any file with that extension - doesn't need to be a powerpoint file 2. Add "Office Powerpoint" macro with Slide Number as: code "alertdocument.domain code 3. View page. See officeconnector, PptConverter.java, line...

2.4AI score
Exploits0
Atlassian
Atlassian
•added 2013/07/26 3:5 a.m.•24 views

XSS vulnerabilities in Atlassian Answers

Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top page https://answers.atlassian.com/. Chose "Browse", "Users" and "Sort By Username" then a alert dialogue box will appear...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/03/19 12:45 a.m.•24 views

XSS in organisationId in /secure/admin/UpdateBitbucketCredentials.jspa

OrganisationId is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link. noformat GET...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/03/18 8:33 a.m.•24 views

Activity stream not respecting parent page restrictions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2013/03/06 1:6 a.m.•24 views

XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]

Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...

0.7AI score
Exploits0
Atlassian
Atlassian
•added 2013/01/16 8:52 a.m.•24 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2013/01/10 4:9 p.m.•24 views

Customized variables whose values are hidden passwords are unmasked revealing the password in the build summary

Step to replicate Create two variables passworder and Passworder notice p with caps Run a customize build overridden the contents of the field While the fields remains hidden in the metadata as expected, the variable with capital P has it values revealed in the build summary see screenshot...

1.1AI score
Exploits0
Atlassian
Atlassian
•added 2012/12/21 12:8 a.m.•24 views

XSS bug in detail view epic name lozenge rendering

6.1 introduced an xss bug in the detail view, more specifically in the epic field that displays to which epic an issue belongs to...

1.8AI score
Exploits0
Atlassian
Atlassian
•added 2012/11/05 10:10 a.m.•24 views

XSS in Issue Collector

Hi Atlassian! There is a XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...

3.7AI score
Exploits0
Atlassian
Atlassian
•added 2012/09/12 6:20 p.m.•24 views

User email showing in suggestions section with visibility set to hidden

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-29690. panel Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: Emai...

0.6AI score
Exploits0
Atlassian
Atlassian
•added 2012/09/03 2:4 a.m.•24 views

Session expiry pages may echo password in clear text

The "session expiry" and "XSRF token missing" pages will echo any submitted values. This may result in echoing the submitted password to the page in plain text if triggered on the WebSudo authentication page. Modify the error pages sessionexpired.jsp and xsrfmissing.jsp so they don't echo...

0.4AI score
Exploits0
Atlassian
Atlassian
•added 2012/08/20 6:19 a.m.•24 views

GH Webwork actions are vulnerable to XSRF.

GHCreateNewIssue.jspa is not protected against XSRF attacks. Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa...

3.4AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295