4295 matches found
The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service
The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...
Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 7.21.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
Questions For Confluence App - Hardcoded Password
i Update: This advisory has been updated since its original publication. 2022/08/01 12:00 PM PDT Pacific Time, -7 hours color:172b4dUpdated the Remediation section to note that if the disabledsystemuser account is manually deleted, the app must also be updated or uninstalled to ensure the account...
DoS through Jira Gadget API - CVE-2019-20899
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. Affected versions: version 8.5.4 8.6.0 Fixed versions: This is fixed in versions 8.5.4, 8.6.1 and 8.7.0...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
Affected versions of Atlassian Jira Server and Data Center used versions of XStream that were vulnerable to security exploits including CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html. The affected versions of Jira Server and Data Center are before version 8.18.0. Affected versions:...
The bundled Atlassian Universal Plugin Manager plugin had a CSRF issue - CVE-2019-14999
The version of the bundled Atlassian Universal Plugin Manager plugin had a CSRF vulnerability that allowed remote attackers, through an administrator, uninstall plugins through a rest endpoint. See https://ecosystem.atlassian.net/browse/UPM-6044 for more details...
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...
Notifications: upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Atlassian Notifications is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
Affected versions of Atlassian Jira Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting XSS vulnerabilities. The affected versions are...
The version of moment.js used in Jira was vulnerable to a regular expression denial of service
The version of moment.js used in in Jira before version 7.12.3, from version 7.13.0 before version 7.13.1 and before version 8.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details...
Upgrade Tomcat to 8.0.36 or later
Current version of Tomcat 8.0.33 is vulernable to http://www.cvedetails.com/cve/CVE-2016-3092/ We need to upgrade the version we package with JIRA to address that vulnerability...
Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
h3. Issue Summary The recently disclosed vulnerability regarding Tomcat|https://nvd.nist.gov/vuln/detail/CVE-2020-9484 affects the following versions: Apache Tomcat 7x 7.0.103 Apache Tomcat 8x 8.5.54 Apache Tomcat 9x 9.0.34 Apache Tomcat 10x 10.0.0-M4 We should bundle a more recent version of...
Application DoS via the /rendering/wiki endpoint - CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...
Server Side Request Forgery(SSRF) in the Jira Trello importer - CVE-2017-16865
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
Several XSS flaws in the /rest/tinymce/1
I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...
Crowd silently ignores changes to active status of users in Azure AD.
When Crowd synchronises users for the very first time from Azure AD it will recognise "active" state of users correctly. Unfortunately, on next synchronisations Crowd ignores changes to these statuses, so once they are set, they will never change...
Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889
In BSERV-13534 commons-text usages were upgraded in the Bitbucket Webapp to mitigate against CVE-2022-42889 although Bitbucket WebApp was actually unaffected. The bundled OpenSearch should also be updated to 1.3.7 when it is released. The release date is currently scheduled for 13-Dec-2022:...
Tomcat PersistenceManager vulnerabilities - CVE-2021-25329 and CVE-2021-25122
Affected versions of Atlassian Jira Server and Data Center are susceptible to Tomcat PersistenceManager vulnerabilities. Affected versions: ≤ 8.16.0 Fixed versions: pending...
Update Tomcat Native DLL in JIRA Installer
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-38927. panel quote 7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships...
Content spoofing in the attachment resource in the Firefox browser - CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml...
XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
The version of the Application Links plugin used in Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...
The moment.js version 2.9.0 is vulnerable to regular expression denial of service
h3. Issue Summary Bamboo uses moment.js version 2.9.0 which is vulnerable to regular expression denial of service. For additional details see https://github.com/moment/moment/issues/2936 and https://www.npmjs.com/advisories/55. h3. Suggested Solution Upgrade moment.js to version = 2.11.2...
Improper Authorization in Applinks - CVE-2019-20105
The Application links plugin used in Atlassian Confluence Server and Data Center before version 6.13.11, and from version 6.14.0 before version 7.3.3 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an improper authorization check. See...
Upgrade Tomcat to 8.0.36 or later
Current version of Tomcat 8.0.33 is vulernable to http://www.cvedetails.com/cve/CVE-2016-3092/ We need to upgrade the version we package with JIRA to address that vulnerability...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerat...
XSS through the orderby parameter in the issue search resource - CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the orderby parameter...
Unauthenticated users can view the content of Confluence blogs and pages (CVE-2017-7415)
The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft id. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the conten...
Custom field options are exposed via an unauthenticated REST API endpoint - CVE-2020-36237
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. Affected versions: version...
CSRF via Logging and Profiling feature - CVE-2019-20415
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery CSRF vulnerability. Affected versions: version 7.13.3 8.0.0 ≤ version 8.1.0 Fixed versions: 7.13.3 8.1.0...
URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994
A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects...
Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check...
Jira 8.19.X ships with JDK 11.0.11 which is affected by CVE-2021-2388
h3. Issue Summary Since the release of JRASERVER-72339 , Jira 8.19.X ships with OpenJDK 11 however the bundled AdoptOpen JDK 11.0.11 is affected by CVE-2021-2388 : https://nvd.nist.gov/vuln/detail/CVE-2021-2388 - CVSS 3.1 Base Score 7.5 Quote from doc bq. This vulnerability does not apply to Java...
Upgrade Bouncy Castle to fix multiple CVEs
h3. Issue Summary Jira uses Bouncy Castle library in version 1.50 that's vulnerable to 10 CVEs: https://www.cvedetails.com/cve/CVE-2015-7940/ https://www.cvedetails.com/cve/CVE-2016-1000338/ https://www.cvedetails.com/cve/CVE-2016-1000339/ https://www.cvedetails.com/cve/CVE-2016-1000341/...
JQL filter for Webhooks doesn't work correctly when "Comment" and "Worklog" related events are fired - CVE-2017-18104
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-59980. panel h3. Security information The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version...
The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2020-1935|https://vulners.com/cve/CVE-2020-1935 CVE-2019-17569|https://vulners.com/cve/CVE-2019-17569 CVE-2020-1938|https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2020-1938 Which affects the following...
About Jira page can be accessed anonymously
h3. Issue Summary "About Jira" page can be accessed anonymously. This can expose the Jira application versions. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version. h3. Steps to Reproduce Access...
Incorrect permission check for deployment projects (CVE-2017-8907)
Bamboo did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan...
Information disclosure in System Administration - Global Permissions - CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...
Links to Atlassian domains should use HTTPS for the protocol
h3. Summary Currently, all Atlassian links in Jira's footer and perhaps other locations use HTTP, instead of HTTPS. h3.Notes The user is redirected to HTTPS, but the link itself should also be HTTPS to reduce the possibility of tampering. h3.Suggested Solution All links to Atlassian domains shoul...
Argument injection in Mercurial repository handling - CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a non-linked Mercurial repository create or edit a plan...
Multiple vulnerabilites in Java 1.7.0_15
The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...
Stored XSS in Add Field module - CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. Affected versions: version 8.7.0 Fixed versions: 8.7.0...
XSS in WallboardServlet through the cyclePeriod parameter - CVE-2018-20824
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the cyclePeriod parameter...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Vulnerable version of Underscore.js used - CVE-2021-23358
Affected versions of Atlassian Jira Server and Data Center used Underscore.js 1.9.1, which was vulnerable to CVE-2021-23358|https://vulners.com/cve/CVE-2021-23358. The affected versions of Atlassian Jira Server and Data Center are before version 8.18.0. Affected versions: version 8.13.10 8.14.0 =...