4295 matches found
People Directory search can be misused to retrieve email addresses of all users
Even when email addresses should be hidden because of global settings, it is possible to retrieve email addresses of all the users in the system by misusing search in people directory. It seems that the email address is one of the attributes that are being indexed by the search engine. So if one...
Need ability to limit use of remote API to certain users, or a certain group
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-7913. panel The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Character not allowed in user name
A user has sign up with the user name "m&m". The i tried to modify this user. Because the username is passed as url parameter FooServlet?name=m&m : GET or POST method the servlet container cut the name and try to retreive the username named "m" !!! The only way is to use a database client, change...
Add a generic HTML cleaning service
This will be able to be used by all components that need to display untrusted HTML: including HTML attachments, RSS feeds, and the html-include macro...
DoS (Denial of Service) minimatch Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center
This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
Security Misconfiguration vulnerability at Tomcat dependency in Bamboo Data Center
This High severity Security Misconfiguration vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0 and 12.1.0 of Bamboo Data Center. This Security Misconfiguration vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Information Disclosure in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center
This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...
XSS (Cross Site Scripting) dompurify Dependency in Bamboo Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.0.1, 10.2.15, 12.0.0 and 12.1.2 of Bamboo Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...
Information Disclosure org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.bitbucket.b_c:jose4j Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.2.14, 9.3.1, 9.4.0, 9.5.1, and 10.2.3 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Injection immutable Dependency in Confluence Data Center
This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...
XSS (Cross Site Scripting) dompurify Dependency in Bitbucket Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 8.19.0, 9.0.1, and 10.0.0 of Bitbucket Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticate...
RCE (Remote Code Execution) in Bamboo Data Center
This High severity RCE Remote Code Execution vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute...
DoS (Denial of Service) Apache Struts Dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, and 12.0.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to cause a resource to be...
Injection sha.js Dependency in Jira Service Management Data Center and Server
This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows...
mXSS (mutation Cross-Site Scripting) dompurify Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS mutation Cross-Site Scripting vulnerability was introduced in version 10.3.0 of Jira Software Data Center...
RCE (Remote Code Execution) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in versions 8.19.0, 9.4.0, and 10.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...
XXE (XML External Entity Injection) Tika Dependency in Jira Software Data Center and Server
This Jira Software release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...
DoS (Denial of Service) in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in version 6.3.1 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disruptin...
PrivEsc (Privilege Escalation) in Jira Service Management Data Center
This High severity PrivEsc Privilege Escalation vulnerability was introduced in versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center. This PrivEsc Privilege Escalation vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileg...
DoS (Denial of Service) io.netty:netty-handler Dependency in Confluence Data Center and Server
This High severity io.netty:netty-handler Dependency vulnerability was introduced in versions 7.19 of Confluence Data Center and Server. This io.netty:netty-handler Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
SSRF (Server-Side Request Forgery) [email protected] (NPM) in Crowd Data Center
This High severity SSRF Server-Side Request Forgery and Third-Party Dependency vulnerability was introduced in versions 6.0.4 and 6.1.2 of Crowd Data Center. This SSRF Server-Side Request Forgery and Third-Party Dependency vulnerability, caused by Axios 1.6.8, with a CVSS Score of 8.6, allows an...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
[9.0] Fix Risky deserialization calls
h3. Issue Summary fix This is reproducible on Data Center: Yes h3. Steps to Reproduce Cannot be reproduced h3. Expected Results Where possible, restrict the set of classes that can be deserialized. OWASP’s recommendation for readObject calls is to subclass the ObjectInputStream class, and overrid...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Confserver ticket aggregation
Support CONFSERVER ticket aggregation similar to https://hello.atlassian.net/wiki/spaces/JIRASERVER/pages/3002952256/Experiment+-+JSEC+aggregates...
User with system administrator privilege can search restricted pages.
h3. Issue Summary Starting Confluence 8.5.1 when a user is granted System administrator permission at Global permissions. The user can search for Restricted content and the restricted page gets displayed in search, when tried to access it says "Page can't be found". This behaviour is not...
Jira does not invalidate session after a password change
When a user changes their username via the UI the session cookie is not invalidated. For security purposes, all sessions should be invalidated and require the user to sign back in with the new password...
Preventing path disclosure in file upload functionality and Page export for security purposes
h3. Issue Summary While performing the file upload vulnerability test in confluence application, we are able to identify the sensitive path disclosure in following cases. • When we attached some malicious file and tried to downloading all attachments. • When we uploaded malicious file and tried t...
Attachments gets downloaded on Chromium based browsers even after user logs out from Confluence
h3. Issue Summary Attachments gets downloaded on Chromium based browsers even after user logs out from the page h3. Steps to Reproduce Create a new page in Confluence Attach any PDF or picture or any file in that page and then publish the page Copy the image link by right clicking on the image as...
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
REST API - Deactivate the REST API
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is active by default and there is no way to deactivate. It should have a similar option like the Enabling the Remote...
Improper authorization on support files vulnerability in Jira - CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...
Pushing a code with an unlicensed user is possible if it was once a licensed user and an SSH key is added to user's profile
h3. Issue Summary If once licensed users have an SSH key added to their profile, it is still possible for them to push the code once the license had been removed. However, it is not possible to pull the code. h3. Environment Every environment. h3. Steps to Reproduce Create a new user. Add any...
Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust
h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...
Escape code on Description field when exporting to CSV
When opening CSV files exported through the CSV Export of Jira on Excel, if there are written Excel codes on it, they will run automatically. The suggestion is to provide a setting/configuration that automatically escape special characters on the export...
Upgrade Tomcat to the version 8.5.32
h4. Problem Current version of Tomcat 8.5.6 bundled with JIRA pre 7.12.1 is vulnerable to https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat8.5.9...
Authentication fails using SSH keys since 2.3.5
Neither the Pagent agent or OpenSSH is working to authenticate since I upgraded. Switching SSH services makes no difference. If I go to the command line, using ssh -i identfile I have no issues authenticating to any system. Other symptoms include the terminal not going to the repository but using...
JQuery Update to the latest version
h3. Definition JQuery is currently at version 1.7.2 where it contains 1 medium security vulnerability. h3. Suggestion To update the JQuery version that does not have a vulnerability threat...
An issue can be linked to by ID even if link and browse permissions are absent
h3. Problem Definition: If you remove the Link Issues Permission and Browse Projects Permission a user can still create a link if they use the issue key. h3. Steps to Reproduce Create a Project Role and remove the "Browse Projects" and "Link Issues" permissions from that role in a target-project...
Missing authorization check in Team Calendar addon
We received external report about missing authorization check in Team Calendar addon quote I found a broken authentication in Confluence Team calendar. A restricted team calendar that only related to a certain restricted space and can only be viewed by the creater himself show up in his profile...
Other SD Projects Knowledge Base are accessible through direct link
h3. Summary: If a Customer only able to access one SD Portal and log in to Confluence, it is actually possible for that Customer to access other SD Project KBs through a Direct URL Link including navigating the space. h3. Steps to Reproduce: Prepare a JIRA instance that is connected to Confluence...
Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access
h3. Summary Anonymous API access are allowed on on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...
Update application-links to fix APL-1327
Now that https://ecosystem.atlassian.net/browse/APL-1327 has been fixed, upgrade application-links to a version that contains a fix for it. In this case Fecru would update application-links from version 5.2.3 the version comes from the platform pom to version 5.2.4...
Update atlassian-gadgets in Confluence to fix AG-1502/ACG-5
For Confluence Server as https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets to a version = 4.2.14 to pick up a fix for AG-1502. For Confluence Cloud as https://ecosystem.atlassian.net/browse/ACG-5 has been fixed, upgrade atlassian-gadgets to a version = 5.1.1...
If user is restricted to only view the space they should not be able to create or import a calendar
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48465. panel panel:title=23 July 2019 Update|bgColor=e7f4fa Hi everyone, thank you for your interest in this ticket. After...
XSS in newFileName Field
From an external report: quote Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the...