Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2015/08/04 1:6 p.m.23 views

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2015/07/08 2:41 a.m.23 views

Stop Watching Page in email footer is broken

The link is broken, the error message says that the security token is missing...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/07/08 2:41 a.m.23 views

Stop Watching Page in email footer is broken

The link is broken, the error message says that the security token is missing...

1.9AI score
Exploits0
Atlassian
Atlassian
added 2015/07/01 9:14 p.m.23 views

As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-38125. panel h3. Problem Definition As a Confluence Administrator, I would like to configure the 'Attachment Download Security...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/02/07 12:44 a.m.23 views

Application Navigator shows full list of links, including restricted ones

If a user has access to JIRA, but not Confluence, and try to go to a Confluence page, the access error page itself will have the hamburger menu with a full, unrestricted list of all links set up. We have a couple links pointing to code repositories and an older, archived issue tracker. The former...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/02/05 8:33 p.m.23 views

Authentication fails on Push to Stash

When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/14 11:25 a.m.23 views

Disable SSLv3 in outgoing HTTPS connections from Confluence

SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in January 1999 and java 6 supports and uses it as the default client version in TLS handshake. SSLv3 is old and limits the ciphers that can be used. SSLv3 is also vulnerable to POODLE. We...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/13 9:50 a.m.23 views

User receiving notification from a restricted space

h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/06 2:10 a.m.23 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0
Atlassian
Atlassian
added 2014/12/18 3:30 a.m.23 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/02 7:41 a.m.23 views

XSS vulnerability in "children" macro when displaying excerpts

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-35777. panel - Create a parent page A with a child page B - Add an \excerpt\ macro to B containing the text alert"Gotcha!"; - Ad...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2014/10/20 8:42 p.m.23 views

XSS in page editor via Shortcut links

Steps to reproduce: 1. add new shortcuts with default alias like "". 2. by typing searchterms@aliasname in page editor you can trigger XSS By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.23 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/22 5:5 a.m.23 views

XSS when adding Stash Linked Repositories

Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...

Exploits0
Atlassian
Atlassian
added 2014/06/27 7:3 a.m.23 views

Seemingly malformed PNG file will cause JIRA to OOM within seconds

.atlassian.net was chain-OOM-ing earlier today. jworley was able to narrow it down to an image attachment on a particular issue. It's only a 300KB PNG file a screenshot from an Android device but it causes JIRA to OOM almost immediately. I've been able to replicate that behaviour on my jira-dev...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/24 6:34 a.m.23 views

Reflected XSS affecting JIRA via Gadgets

Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/16 3:56 p.m.23 views

Disabled user are still able to request for password reset email.

h3. Step to Reproduce: Disable a user test in Crowd administration console make sure that there is no duplicate user Request password reset for the disabled user test h3. Expected result No mail will be sent to disabled account. h3. Observerd Result. The disabled user still receive the password...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2014/06/10 5:53 a.m.23 views

XSS in FilterSubscription

h4. To reproduce: Visit: code:none /secure/FilterSubscription!default.jspa?returnUrl=javascript:alert1 code Click "Cancel" An alert should appear This URL should be restricted to the current domain, and to http/https protocols...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/05 7:15 a.m.23 views

Domain restricted signup is creating enabled users on ApacheDS

When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 1:6 p.m.23 views

Indexable User Content (Attachments) on Google

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47021. panel User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rul...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/19 3:12 a.m.23 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/19 3:12 a.m.23 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 3:13 p.m.23 views

Jira outputs a stack trace to the screen when an error is encountered

When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.23 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/11 7:33 p.m.23 views

Secure Mail Archive with Space Permissions

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31945. panel Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visibl...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/05 9:38 a.m.23 views

XSS vulnerability in 'Share a link' blueprint

Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" =The script will be executed...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.23 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/08 5:0 a.m.23 views

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 10:54 a.m.23 views

Reflected cross-site scripting (XSS) in dosearchsite action

The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 9:22 a.m.23 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 9:6 a.m.23 views

Persistent cross-site scripting (XSS) via DailyMotionRenderer

A number of renderer classes used by the widget macro were previously identified that contained URL validation flaws leading to persistent cross-site scripting XSS vulnerabilities. The modified classes now make use of the isUrlMatch method from the WidgetConnectorUtil class in the implementation ...

6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 4:57 p.m.23 views

Unauthenticated access to private information via tinymce plugin

It is possible for unauthenticated users to retrieve information from a Confluence instance, including tables of contents and change histories for private pages, and lists of all attachments in a space, by making calls to the preview function of the macro REST API in the confluence-tinymce-plugin...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/17 9:4 a.m.23 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.23 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 5:41 a.m.23 views

Arbitrary file or URL download in ExportWordPageServer

To reproduce: 1. Create a new page. 2. Insert an image with URL: code:none file:///etc/passwd code Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save. The image appears invisible on some browsers, but you can verify its...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/08/22 4:55 a.m.23 views

Make custom field description and options rendering consistent for OnDemand and BTF

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-34440. panel JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.23 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Save...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/26 3:5 a.m.23 views

XSS vulnerabilities in Atlassian Answers

Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top page https://answers.atlassian.com/. Chose "Browse", "Users" and "Sort By Username" then a alert dialogue box will appear...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/11 8:18 a.m.23 views

Some of the REST resources in Navigator plugin are susceptible to XSRF attacks

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example: SaveFilterResource: Allow XSRF attack to change user's filter. SuppressedTipsResource UserSearchModeResource...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2013/07/05 5:19 a.m.23 views

Webwork 2 code injection vulnerability

We have discovered a vulnerability in WebWork 2, which is a part of the Struts web framework. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. In case of Bamboo, the attacker needs to be able to access Bambo...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 8:12 a.m.23 views

Allow cookie-less instance for security reasons

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that pag...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/06 12:10 p.m.23 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.23 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 4:8 a.m.23 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2013/04/16 3:39 a.m.23 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/03/19 12:45 a.m.23 views

XSS in organisationId in /secure/admin/UpdateBitbucketCredentials.jspa

OrganisationId is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link. noformat GET...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/16 8:52 a.m.23 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295