Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2012/10/04 2:46 a.m.•23 views

SQL injection in DefaultReferralManager

In confluence-core/confluence/src/java/com/atlassian/confluence/links/DefaultReferralManager.java the DefaultReferralManager class the deleteReferrersWithPrefix method is vulnerable to sql injection through the user controlled 'prefix' parameter. It is possible to exploit this issue as an Admin...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2012/09/27 4:29 p.m.•23 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/12 3:37 p.m.•23 views

Group Picker Should Not Listed All Groups

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/12 3:37 p.m.•23 views

Group Picker Should Not Listed All Groups

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/12 4:11 a.m.•23 views

XSS vulnerability in chart saving

Create a new dashboard with the name alert"XSS" 2. Go to the issue navigator and perform a search 3. Choose Views - charts - Save to dashboard This is because portal.name is unescaped in savetodashboard.vm. Tested in OnDemand and BTF...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/10 4:14 a.m.•23 views

The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29640. panel We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side input...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/08/22 12:18 p.m.•23 views

As a JIRA System Administrator, I can instruct web browsers to not allow saving a user's password in the various login options, so that unauthorized users can not access the system.

In some organisations, as part of a set of security requirements, it is required for compliant applications, to disallow users to store there application password in their browser. It would be perfect, if JIRA and all other Atlassian applications would allow to configure the autocomplete="off"...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/18 8:44 p.m.•23 views

multimedia macro allows execution of arbitrary scripts

The multimedia macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user submitted swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/07 7:0 a.m.•23 views

Javascript escape the value of "dark features" within the javascript context they are rendered out in

Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/06 11:31 p.m.•23 views

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Exploits0
Atlassian
Atlassian
•added 2012/03/01 1:59 a.m.•23 views

open redirect in flushcache.action

A skipfish scan of confluence found that flushcache.action is vulnerable to 'open redirect' as the returlUrl seems to send up in the Location HTTP header on a 302 redirect response. Note the token parameter in the here is an example attack using the flaw...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2011/07/22 4:46 a.m.•23 views

Enable X-FRAME-Options header to implement clickjacking protection

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-25143. panel TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current...

Exploits0
Atlassian
Atlassian
•added 2011/05/23 1:48 a.m.•23 views

Members of confluence-administrators receive notifications for comments and attachments on restricted pages

Members of the special confluence-administrators group have access to all content on the site, however they should not see restricted content in search results or get notifications about changes on restricted pages. There is a bug in the permission check for notifications about "contained" object...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/04/21 2:58 p.m.•23 views

As a developer or release manager I want to be able to create and manage versions in JIRA without having to be given project admin permissions

Currently JIRA only allows a user to create, release and generally manage versions in a project if the user is a project admin. However there are numerous use cases where developers, release managers, project managers, etc. need to be able to perform this function but don't need full admin rights...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/01/18 10:47 p.m.•23 views

Deleting a user does not remove the user from its LDAP group

Jira team: I believe this to be a JIRA bug because this scenario does not reproduce in Confluence when it is linked to Crowd. - Add an LDAP directory to Crowd. Make sure to have the "jira-users", "jira-administrators" and "jira-developers" groups exist in LDAP. - Add Crowd Server as a directory t...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/12/02 11:0 p.m.•23 views

XSS vulnerability in Bookmarks macro

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence bookmarks macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...

Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/11/05 5:10 a.m.•23 views

XSS in filter.subscription.prefix.monthDay parameter of /secure/FilterSubscription.jspa

http://172.16.230.130:8080/secure/FilterSubscription.jspa?filter.subscription.prefix.interval=180&groupName=jira-users&filter.subscription.prefix.runFromMins=00&nextRun=&filter.subscription.prefix.runToMins=00&filter.subscription.prefix.runToMeridian=pm&filter.subscription.prefix.week=2&filter.su...

0.6AI score
Exploits0
Atlassian
Atlassian
•added 2010/09/23 1:6 a.m.•23 views

XSS vulnerability in space key, particularly with decorators off

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-20865. panel As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable...

0.3AI score
Exploits0
Atlassian
Atlassian
•added 2010/09/06 4:33 a.m.•23 views

Potential attack vector using attachments

Suspicious handling of attachment uploads with filenames containing quotes the quoted ended up being repeated and semicolons semicolon and all subsequent characters were stripped from filename...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/09/03 3:14 a.m.•23 views

Allow anonymous/public access at page level

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-20737. panel Although a space might be restricted to some groups/users, it is sometimes required to allow public/anonymous acces...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/23 9:46 a.m.•23 views

Property for enabling/disabling viewage of Jira administrators

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-22096. panel As of JRA-21004, it also happened that the Administrator page does not show the administrators anymore. This patch is enables...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/02 5:14 a.m.•23 views

Secure Administrator Sessions feature can be bypassed

In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3. This would allow an attacker to perform administrative functions on Confluenc...

0.6AI score
Exploits0
Atlassian
Atlassian
•added 2010/07/15 12:33 a.m.•23 views

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

0.3AI score
Exploits0
Atlassian
Atlassian
•added 2010/06/21 3:46 a.m.•23 views

XSS vulnerability in Contributors macro

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence \contributors macro. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/27 1:3 a.m.•23 views

Put a new security log into JIRA so that important events can be specifically logged

The idea is to have a specific atlassian-jira-security.log that contains important events such as user logged in, logged out, session created and so on. This would allow for more specific information about how is logged into JIRA and when. This has been mooted for a while and is now being done in...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 5:52 a.m.•23 views

XSS vulnerability in some JSPs under admin section

Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/22 1:24 a.m.•23 views

Remove the download link for XML site backups

Currently Confluence allows easy download of XML site backups. This could be considered a security risk. This issue introduces a flag in the Confluencecfg.xml that allows system administrators to turn this feature on or off. By default it is off meaning that the link will not be displayed. The fl...

6.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 12:49 a.m.•23 views

XSS vulnerability in Colour Scheme settings

An XSS vulnerability has been discovered in the Colour Scheme settings. The severity of this issue is rated as HIGH. Please refer to the security advisory http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2010-04-x for details...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/19 2:59 a.m.•23 views

Group picker popup JSP has XSS hole if group names are XSS shaped

If a group name has a XSS shaped name, then the group picker will allow scripts to be executed...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/16 5:9 a.m.•23 views

500page.jsp contains HTTP Header XSS vulnerability

The 500page.jsp contains an XSS vulnerability via the 'Referrer' HTTP header...

1AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/13 3:26 p.m.•23 views

Allow user accounts to require two-factor authentication using RFC 4226

New feature request. In light of the recent security hack at Apache, it might be prudent for JIRA to provide some more secure options for user authentication. One candidate is two-factor authentication using the RFC 4226 OATH/HOTP|http://en.wikipedia.org/wiki/HOTP standard. This requires the user...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/13 5:50 a.m.•23 views

Privilege escalation vulnerability when administrator access is compromised

panel:borderColor=ff0000|borderStyle=solid|bgColor=ffccccNote: This issue is superceded by JRA-21004. Please install the patches on that issue, rather than this one. For more details, see JIRA Security Advisory -...

0.4AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/08 8:10 p.m.•23 views

Signing in with username with different case creates new user

We currently utilize LDAP for our user repository and allow users to be automatically added to crucible if they can successfully authenticate. We have recently received complaints from users that their names were showing up two times in reviews. After some analysis we saw that there were 2...

7AI score
Exploits0
Atlassian
Atlassian
•added 2010/01/20 6:41 p.m.•23 views

autocomplete box in page restrictions finds deleted users, wrong usernames

We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/10/12 9:20 p.m.•23 views

Workflow permission to limit ability to link issues

We need to be able to limit the ability to link issues by the issue status. If we have two issues, and they are both closed, I do not want to be able to link them. If one or both are opened or in progress, I'd like to be able to create the link from the open issue. We are trying to use Jira for...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/10 3:15 a.m.•23 views

Update of jcaptcha

Update version of jcaptcha that we use...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/07/31 6:6 a.m.•23 views

JQL not respecting Issue Security Level "Project Lead"

While writing TestIssueSecurityLevel I found the following problem: fred is not a Project Lead HSP-3 has Issue Security Level of "Project Lead" only. empty JQL to show all visible issues doesn't show HSP-3. make fred the Project Lead same query: still no HSP-3 however: fred can browse to HSP-3 an...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2009/06/18 1:45 p.m.•23 views

Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0

Confluence allows its users to specify a "Profile Picture," an image that appears on many pages related to the user. A user can either upload a custom image, or select one from a set provided by Confluence. Confluence uses the /users/doeditmyprofilepicture.action path to process requests to chang...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/06/18 6:38 a.m.•23 views

XSS vulnerability in space name when page move would create a duplicate

Create a space called alert"XSS"; Find a page named 'Home' in a different space Move this page, choosing the previously created space as the destination The move will fail due to the duplicate page name, and the script will be run...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/05/07 2:13 a.m.•23 views

The i18n in velocity templates does not auto html encode parameters

All the getText methods on com.atlassian.confluence.util.i18n.DefaultI18NBean are anontated as HtmlSafe which means that any parameter which gets passed in as an argument will not be auto html encoded by the Anti-XSS module. The most straight forward way to fix this is to wrap the parameter insid...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/05/07 2:13 a.m.•23 views

The i18n in velocity templates does not auto html encode parameters

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-15548. panel All the getText methods on com.atlassian.confluence.util.i18n.DefaultI18NBean are anontated as HtmlSafe which mean...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/04/24 5:21 p.m.•23 views

Shared Filter properties exposed without authentication

Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal. Example 1: Searching filters http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search Example 2: Viewing properties of filters. I can see custom fields, sear...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/04/21 1:39 p.m.•23 views

Issue attachments, need a functionality of Security Schemes

In our JIRA instance both customers and developers have access to issues. We would like to have a security scheme functionality in connection to issue's attachments. In other words, we would like to attach a documentation which would not be visible to customers or other groups of JIRA users...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/03/12 4:24 p.m.•23 views

Vulnerable and pointless password storage on client computers

Given the following: -http://confluence.atlassian.com/display/DOC/Confluence+Cookies, which says "a one-way hash of the user's password" is stored in a browser cookie on the user's computer. -CSP-29692 case I opened with Atlassian support, which explained that EncryptionUtils.java is used to...

7.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/18 8:8 p.m.•23 views

Issue security based on workflow status

I would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/01/28 9:58 p.m.•23 views

Ability to grant Import/Export privileges to a group or a user

In our JIRA environment, we have several projects where each of the project admins uploads tasks from a CSV file into their respective project. Inorder for these project admins have the upload permissions, they need to be part of the JIRA System Administration group. This is unacceptable and is a...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/01/05 1:54 p.m.•23 views

Assignment of JSESSIONIDs

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-14112. panel I believe it should be a feature in future versions of Confluence to assign a different JSESSIONID to the user's...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/11/28 5:50 a.m.•23 views

Confluence displays ALL attachments when the following URL is viewed

i removed the space key from the URL for the normal space attachment viewing, and it displays all the attachments for all spaces in the install of Confluence, Irrispecitve of space and page level permission restrictions. For Example:...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/09/17 9:4 p.m.•23 views

It's possible to execute a workflow action without being logged in.

To reproduce, open Jira in two browser windows. In the first, navigate to an issue with an available workflow action. In the second, log out. In the first, perform one of the workflow actions. You'll see a page asking you to log back in, but the action has still been performed. To see this, in th...

2.9AI score
Exploits0
Atlassian
Atlassian
•added 2008/09/15 4:5 p.m.•23 views

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

0.6AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295