Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2014/08/15 12:38 p.m.23 views

Child pages permissions are not respected in Popular Tab

mfernandezbadii posted this on CONF-33207: quote I found that restricted child pages not the whole space, will still show on the Popular Tab. Example: User can browse a Space. Restricted page is created and user can't browse it or see it in the Popular Tab. Child page is created: User can't brows...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2014/07/22 5:5 a.m.23 views

XSS when adding Stash Linked Repositories

Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...

Exploits0
Atlassian
Atlassian
added 2014/06/24 6:34 a.m.23 views

Reflected XSS affecting JIRA via Gadgets

Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/16 3:56 p.m.23 views

Disabled user are still able to request for password reset email.

h3. Step to Reproduce: Disable a user test in Crowd administration console make sure that there is no duplicate user Request password reset for the disabled user test h3. Expected result No mail will be sent to disabled account. h3. Observerd Result. The disabled user still receive the password...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2014/06/05 7:15 a.m.23 views

Domain restricted signup is creating enabled users on ApacheDS

When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 1:6 p.m.23 views

Indexable User Content (Attachments) on Google

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47021. panel User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rul...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/22 12:50 p.m.23 views

Upgrading to 5.5.1 from 5.4.3 didn't update xwork from 1.13 to 1.17

We recently upgraded our instance following your security advisory. It was discovered shortly after the upgrade that the xwork file that was vulnerable 1.13 was not upgraded to the safe version 1.17. This could have just been specific to our instance but you should check your upgrade process and...

3.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/19 3:12 a.m.23 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/19 3:12 a.m.23 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.23 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/13 2:54 p.m.23 views

Whitelist or blacklist for inline attachment display

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-32204. panel Currently, there are three Attachment Download Security Policy: Default Insecure Secure !sample.png! It would be...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/06 5:1 p.m.23 views

User or Group Page Security

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-31505. panel Option to give user or group access to a particular page with a selectable option on the particular page rather th...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/13 11:42 p.m.23 views

CSRF in saveeditpagebean.action

EditPageAction, doSaveEditPageBean...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/08 5:0 a.m.23 views

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/08 4:38 a.m.23 views

XSS in Hot Referrers

To reproduce: 1. Run the following command, replacing \PAGEURL with the URL of a new page and \USERNAME and \PASSWORD with your credentials if anonymous access is not enabled: code:none curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si code 2. Repeat step 1 a few...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 10:54 a.m.23 views

Reflected cross-site scripting (XSS) in dosearchsite action

The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2013/09/17 9:4 a.m.23 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.23 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 5:41 a.m.23 views

Arbitrary file or URL download in ExportWordPageServer

To reproduce: 1. Create a new page. 2. Insert an image with URL: code:none file:///etc/passwd code Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save. The image appears invisible on some browsers, but you can verify its...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/08/26 11:42 p.m.23 views

CSRF in gadgets plugin

The affected methods are: AddOrRemoveGadgetSpecAction, doAdd AddOrRemoveGadgetSpecAction, doRemove AddOrRemoveGadgetFeedAction, doAddGadgetFeed AddOrRemoveGadgetFeedAction, doRemoveGadgetFeed WhitelistAdminAction, doAddWhitelistUrl WhitelistAdminAction, doRemoveWhitelistUrl RevokeOAuthTokensActio...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.23 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Save...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/28 1:59 a.m.23 views

XSS Vulnerability - delete filter confirmation

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-34074. panel Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choos...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/11 8:18 a.m.23 views

Some of the REST resources in Navigator plugin are susceptible to XSRF attacks

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example: SaveFilterResource: Allow XSRF attack to change user's filter. SuppressedTipsResource UserSearchModeResource...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2013/07/05 5:19 a.m.23 views

Webwork 2 code injection vulnerability

We have discovered a vulnerability in WebWork 2, which is a part of the Struts web framework. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. In case of Bamboo, the attacker needs to be able to access Bambo...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 2:9 p.m.23 views

Disallow multiple sessions for an account

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-33586. panel It is currently possible to run several sessions under any account. Some customers prefer to restrict the number of sessions to...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 8:12 a.m.23 views

Allow cookie-less instance for security reasons

Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5. In various cases administrators may want to prevent their users to have their passwords saved. While various browsers will override this settings, but preventing to have a remember-...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/05/13 2:46 p.m.23 views

https://jira.atlassian.com/500page.jsp

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-33042. panel this page shows all the data about JIRA instance to intruder. It makes it more vulnerable when you know the whole setup...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that pag...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2013/05/08 1:31 p.m.23 views

UI Redressing (Clickjacking)

Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame confluence from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issu...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/06 12:10 p.m.23 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.23 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 4:8 a.m.23 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2013/04/16 3:39 a.m.23 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/04/10 12:36 a.m.23 views

Workbox (Notifications and Tasks) leaks restricted information from a jira issue

If a confluence instance is configured to pull notifications from a JIRA server then if a user 'B' not in group 'A' watches an issue and a comment is added to the issue restricted to group 'A' then user 'B' is able to see the contents of the restricted comment via the "Notifications and Tasks"...

1.9AI score
Exploits0
Atlassian
Atlassian
added 2013/04/04 10:48 a.m.23 views

Editing "Global Templates" possible without admin login

If you are logged in to the admin panel you get the following line: quoteYou have temporary access to administrative functions. Drop access if you no longer require it. For more information, refer to the documentation.quote Pressing "Drop access" redirects you to the normal Wiki page, away from t...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/19 12:58 a.m.23 views

XSS in /secure/admin/AssociateProjectRepPath!default.jspa

fromScreen is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link without a token. noformat GET...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/04 11:16 p.m.23 views

User receives an email even though they don't have access to the page where a task was unassigned

h3. Steps to reproduce: Find/Create a space that has restricted view access Create a page and assign a task to a user that doesn't have view access to the page. Save the page. User does not receive an email, and the task does not show up in the user's to-do correct behavior Edit the page and...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/01/16 8:52 a.m.23 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/17 1:20 p.m.23 views

Inactive users still receiving emails from "Send email" function

The JIRA documentation for deactivating users says, bq. Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues. However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/15 12:39 a.m.23 views

Arbitrary resource file download in urlrewrite.xml

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-26888. panel There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/12 6:44 a.m.23 views

XSS vulnerability in atlassian-bonfire-plugin pagination

There is an XSS vulnerability present in the pagination of Bonfire sessions. Steps to reproduce: 1. Create a user with username '" onmouseover="alert4321" blah="' without the single quotes 2. Create at least 21 test sessions owned by this user 3. Visit the user's profile page and click on the tes...

6.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/10 1:10 a.m.23 views

Reflected XSS in Create Issue Details page

The Create Issue Detail page is vulnerable to reflected XSS. 1. Login to https://$JIRA/ 2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="alert'XSS'alert'XSS'p+name%3D"&pid=10000&issuetype=2...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 4:9 a.m.23 views

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2012/10/08 3:43 a.m.23 views

Reflected xss in the System Notifications administration resource

The System Notifications administration resource is vulnerable to reflected xss through the url used to address the resource and any included parameters. For example: 1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action 2...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2012/10/04 5:33 a.m.23 views

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/04 2:46 a.m.23 views

SQL injection in DefaultReferralManager

In confluence-core/confluence/src/java/com/atlassian/confluence/links/DefaultReferralManager.java the DefaultReferralManager class the deleteReferrersWithPrefix method is vulnerable to sql injection through the user controlled 'prefix' parameter. It is possible to exploit this issue as an Admin...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2012/09/27 4:29 p.m.23 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295