4295 matches found
Other SD Projects Knowledge Base are accessible through direct link
h3. Summary: If a Customer only able to access one SD Portal and log in to Confluence, it is actually possible for that Customer to access other SD Project KBs through a Direct URL Link including navigating the space. h3. Steps to Reproduce: Prepare a JIRA instance that is connected to Confluence...
Information Exposure in JUnit Report Macro
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-52112. panel The JUnit Report Macro throws different error messages for the url parameter code:java file:///no/file/herecode...
Administrators should have the ability to restrict access to the System dashboard
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-64165. panel Administrators should have the ability to restrict access to the System dashboard which by default is available to the public...
XSS attack possible on FishEye file history page
The File History page was vulnerable to XSS...
Update atlassian-gadgets in Confluence to fix AG-1502/ACG-5
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-45392. panel For Confluence Server as https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets t...
Secure SSL flag does not work when using Delegated LDAP
h3. Summary The Secure SSL flag under the Advanced Settings section in the LDAP settings does not work when using Delegated LDAP/Internal with LDAP Authentication in JIRA. h3. Steps to Reproduce Add a Delegated LDAP AD in JIRA Checking the Secure SSL checkbox and hit the Save and Test button if w...
Issue Security Scheme Changes Are Not Reported In Audit Log
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-62187. panel h3. Summary When a change is made to an issue security scheme, nothing is logged in the Audit Log. This means that an...
XSS in Mail Whitelist Field
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61963. panel Jira Admins can create a persistant XSS on the Incoming Mail configuration page. When the value code "alert1 code is inserted in...
XSS in newFileName Field
From an external report: quote Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the...
The "Restrict to articles with labels" option doesn't restrict the customer portal from suggesting KB's other than those with the nominated Label
h3. Summary Currently we have the "Restrict to articles with labels", where you can specify the label for a request. When a customer is filling the summary for a request, SD will search the knowledge base for similar content from confluence pages with that label. However, the customer portal sear...
Permission issues with projects and reviews
There are 2 issues related to permission schema. They were grouped together into a single issue, marked with a security label. h4. Issue 1 User visited in the past Project A. Also he has visited a review raised in Project A. FeCru allows him to access those recent items using the menu on top...
Security Issue with multimedia playback on Mac OSX
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-41124. panel Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to mak...
XSS vulnerability found in profile settings
There was a XSS vulnerability found in profile settings pages...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
One FishEye admin can get access to repository password provided by another admin
It was possible to retrieve the repository passwords provided by another administrator via web browser session. It was fixed now, so password can still be changed or unset if necessary, but it is not possible to read its contents...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
XSS in review file paths
We have identified a XSS vulnerability introduced in Crucible 3.9.0. Fix was included in 3.9.1 version released publicly on September 10th, 2015...
Prevent Activity feed information leakage by allowing permanently disabling of it
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-45601. panel It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...
SEN available in HTTP Response headers
Cloned from JRA-45188 h3. Summary Seems we're giving away our Support Entitlement Numbers SEN in our HTTP response headers. Risk here is that users who obtain these can then get free support in SAC. h3. Environment JIRA and Confluence Server JIRA and Confluence Cloud Potentially other apps h3...
Disabled Users Receive Notification from Team Calendar
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48834. panel h3. Summary Confluence disabled users that subscribed to a calendar still receive notifications when calendar have...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
h3. Problem Definition As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis. At the moment, the setting is applied at a global basis, which does not work if you want attachments to be downloaded/displayed inline depending on the...
Users with only View Space permission are able to edit Space Questions
h2. Problem Summary Users are able to edit any Space Questions as long as they have View permissions for that space. This includes questions asked by other users. Users do not need to have Space Admin or even Add/Edit Page permissions to the space, only View is required. This is inconsistent when...
Advanced JQL Search does not Respect User email visibility Hidden
h4. Problem The advanced JQL autocomplete functionality is still showing email addresses, ignoring the User email visibility option. Basic mode does not show emails See screenshots h4. Steps to Reproduce Set User email visibility to Hidden JIRA Administration System General Configuration Edit Use...
Advanced JQL Search does not Respect User email visibility Hidden
h4. Problem The advanced JQL autocomplete functionality is still showing email addresses, ignoring the User email visibility option. Basic mode does not show emails See screenshots h4. Steps to Reproduce Set User email visibility to Hidden JIRA Administration System General Configuration Edit Use...
Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. h3. Workaround for 5.7 There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...
Application Navigator shows full list of links, including restricted ones
If a user has access to JIRA, but not Confluence, and try to go to a Confluence page, the access error page itself will have the hamburger menu with a full, unrestricted list of all links set up. We have a couple links pointing to code repositories and an older, archived issue tracker. The former...
OGNL Double Evaluation Vulnerability
We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to have an account and be able to access the Confluence web interface. All versions of Confluence u...
Administrator role has access to restricted pages
Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...
Administrator role has access to restricted pages
Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...
Information disclosure - full path disclosure
Jira displays charts on the dashboard by writting a temporary file in Jira "tmp" folder and reading it through a page called "charts" When the filename provided to this page is not present, an error message displays the full path to the "tmp" folder, which lies in Jira directory. This is a...
Stash email settings fields can be inadvertently be populated by browser with user login details - security issue
The email and username password in the email server settings screen has the same names as the username and password fields when logging in. This has the unintentional side affect of being pre-populated by your browser if you have left the mail server credentials blank and your browser has saved...
Stash email settings fields can be inadvertently be populated by browser with user login details - security issue
The email and username password in the email server settings screen has the same names as the username and password fields when logging in. This has the unintentional side affect of being pre-populated by your browser if you have left the mail server credentials blank and your browser has saved...
Project administrator is able to migrate Permission Scheme
panel:title=Atlassian status update as of 12th July 2018 Hello Customers, We’ve addressed this bug and the fix is available on all version of Jira Service Desk 3.9 and above. For more information please refer to the documentation here...
Bitbucket repository configuration doesn't offer SSH
When you add a new Bitbucket repository, you can only enter a username/password for authentication. If you want to use SSH, you should fallback to the generic 'Git' repository host. SSH should be offered as an option in the Bitbucket configuration. As an intermediate solution you can add a...
Confluence Security Settings not respected by Confluence Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...
Add global option "Enable group <anyone>"
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-39912. panel As mentioned in JRA-18076 and JRA-23255, the predefined group anyone poses security risks in many cases as it exposes projects t...
Disabled users still recieve 'Share Page' emails sent to groups
Steps to Reproduce in Confluence: Create a user, and set to 'Disabled' Create a Group and make this user a member of this group Share a page with the group This results in an email being sent to the inactive user Steps to Reproduce with a Crowd server handling user management: Same as above, but...
Draft retrieval in the editor doesn't respect page or space permissions
Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...
Child pages permissions are not respected in Popular Tab
mfernandezbadii posted this on CONF-33207: quote I found that restricted child pages not the whole space, will still show on the Popular Tab. Example: User can browse a Space. Restricted page is created and user can't browse it or see it in the Popular Tab. Child page is created: User can't brows...
Information disclosure in the REST API
Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of a specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...
Reflected XSS affecting Confluence via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
Reflected XSS affecting JIRA via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
Crowd User Directory application password stored in plain text
Table: cwddirectoryattribute Column: attributevalue How to Verify in my environment: Connect to JIRA database using psql and run query: code select attributevalue from cwddirectoryattribute where attributename = 'application.password' code Note how the returned value is the plain text value of th...