Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2014/05/19 3:12 a.m.23 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/13 2:54 p.m.23 views

Whitelist or blacklist for inline attachment display

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-32204. panel Currently, there are three Attachment Download Security Policy: Default Insecure Secure !sample.png! It would be...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/06 5:1 p.m.23 views

User or Group Page Security

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-31505. panel Option to give user or group access to a particular page with a selectable option on the particular page rather th...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/13 11:42 p.m.23 views

CSRF in saveeditpagebean.action

EditPageAction, doSaveEditPageBean...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/08 5:0 a.m.23 views

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/08 4:38 a.m.23 views

XSS in Hot Referrers

To reproduce: 1. Run the following command, replacing \PAGEURL with the URL of a new page and \USERNAME and \PASSWORD with your credentials if anonymous access is not enabled: code:none curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si code 2. Repeat step 1 a few...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/30 7:48 a.m.23 views

XSS in admin/ViewIssueFields.jspa

Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 5:4 p.m.23 views

Unauthenticated enumeration of resource information via tinymce plugin

It is possible for unauthenticated users to retrieve a large amount of information from a Confluence instance, including page titles, attachment filenames, and username, by making calls to the link REST API in the confluence-tinymce-plugin. This is effective even when the anonymous user does not...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/17 9:4 a.m.23 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.23 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2013/08/26 11:42 p.m.23 views

CSRF in gadgets plugin

The affected methods are: AddOrRemoveGadgetSpecAction, doAdd AddOrRemoveGadgetSpecAction, doRemove AddOrRemoveGadgetFeedAction, doAddGadgetFeed AddOrRemoveGadgetFeedAction, doRemoveGadgetFeed WhitelistAdminAction, doAddWhitelistUrl WhitelistAdminAction, doRemoveWhitelistUrl RevokeOAuthTokensActio...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/20 2:11 a.m.23 views

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

Regression of JRA-4935 When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becomes visible to ALL usersvia the project table portlet, if they have any kind of permission to see this project or not. So all users can see this project, but can't see an...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.23 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Save...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/28 1:59 a.m.23 views

XSS Vulnerability - delete filter confirmation

Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choose "Save as", enter "alertdocument.cookie for the name. 3. Delete the filter. See attached screenshots...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/28 1:59 a.m.23 views

XSS Vulnerability - delete filter confirmation

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-34074. panel Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choos...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/11 8:18 a.m.23 views

Some of the REST resources in Navigator plugin are susceptible to XSRF attacks

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example: SaveFilterResource: Allow XSRF attack to change user's filter. SuppressedTipsResource UserSearchModeResource...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2013/06/20 2:9 p.m.23 views

Disallow multiple sessions for an account

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-33586. panel It is currently possible to run several sessions under any account. Some customers prefer to restrict the number of sessions to...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 8:12 a.m.23 views

Allow cookie-less instance for security reasons

Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5. In various cases administrators may want to prevent their users to have their passwords saved. While various browsers will override this settings, but preventing to have a remember-...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/05/23 12:31 a.m.23 views

The group # in crowd and confluence is different

I used confluence 4.3.7, and integrated with crowd 2.4.2 following the instruction. The issue is that a user is assigned to group confluence-users in crowd, but the group is not shown up in confluence . Here are what I did: Checking in confluence -- users -- detail, shows in groups: no...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that pag...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/08 1:31 p.m.23 views

UI Redressing (Clickjacking)

Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame confluence from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issu...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/06 12:10 p.m.23 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.23 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/16 4:8 a.m.23 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2013/04/16 3:39 a.m.23 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/04/10 12:36 a.m.23 views

Workbox (Notifications and Tasks) leaks restricted information from a jira issue

If a confluence instance is configured to pull notifications from a JIRA server then if a user 'B' not in group 'A' watches an issue and a comment is added to the issue restricted to group 'A' then user 'B' is able to see the contents of the restricted comment via the "Notifications and Tasks"...

1.9AI score
Exploits0
Atlassian
Atlassian
added 2013/04/04 10:48 a.m.23 views

Editing "Global Templates" possible without admin login

If you are logged in to the admin panel you get the following line: quoteYou have temporary access to administrative functions. Drop access if you no longer require it. For more information, refer to the documentation.quote Pressing "Drop access" redirects you to the normal Wiki page, away from t...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/04 11:16 p.m.23 views

User receives an email even though they don't have access to the page where a task was unassigned

h3. Steps to reproduce: Find/Create a space that has restricted view access Create a page and assign a task to a user that doesn't have view access to the page. Save the page. User does not receive an email, and the task does not show up in the user's to-do correct behavior Edit the page and...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/01/16 8:52 a.m.23 views

REST session not terminated

panel This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web Crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. panel h4. Expected behavior 1. On...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/05 10:10 a.m.23 views

XSS in Issue Collector

Hi Atlassian! There is a XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...

3.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/17 1:20 p.m.23 views

Inactive users still receiving emails from "Send email" function

The JIRA documentation for deactivating users says, bq. Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues. However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/15 12:39 a.m.23 views

Arbitrary resource file download in urlrewrite.xml

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-26888. panel There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/12 6:44 a.m.23 views

XSS vulnerability in atlassian-bonfire-plugin pagination

There is an XSS vulnerability present in the pagination of Bonfire sessions. Steps to reproduce: 1. Create a user with username '" onmouseover="alert4321" blah="' without the single quotes 2. Create at least 21 test sessions owned by this user 3. Visit the user's profile page and click on the tes...

6.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/10 1:10 a.m.23 views

Reflected XSS in Create Issue Details page

The Create Issue Detail page is vulnerable to reflected XSS. 1. Login to https://$JIRA/ 2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="alert'XSS'alert'XSS'p+name%3D"&pid=10000&issuetype=2...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2012/10/08 4:9 a.m.23 views

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2012/10/08 3:43 a.m.23 views

Reflected xss in the System Notifications administration resource

The System Notifications administration resource is vulnerable to reflected xss through the url used to address the resource and any included parameters. For example: 1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action 2...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2012/10/04 5:33 a.m.23 views

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/04 2:46 a.m.23 views

SQL injection in DefaultReferralManager

In confluence-core/confluence/src/java/com/atlassian/confluence/links/DefaultReferralManager.java the DefaultReferralManager class the deleteReferrersWithPrefix method is vulnerable to sql injection through the user controlled 'prefix' parameter. It is possible to exploit this issue as an Admin...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2012/09/27 4:29 p.m.23 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2012/09/27 4:29 p.m.23 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/12 3:37 p.m.23 views

Group Picker Should Not Listed All Groups

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/12 3:37 p.m.23 views

Group Picker Should Not Listed All Groups

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/07 4:57 a.m.23 views

The application should return caching directives instructing browsers not to store local copies of any sensitive data.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29625. panel We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/08 7:48 a.m.23 views

Persistent xss flaw in the revision history (of comments).

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47387. panel Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2012/08/04 9:29 a.m.23 views

Add an option in User Directory settings to make an SSL LDAP connection but without verifying that the hostname and certificate match

Starting JIRA 5.1, the embedded crowd has been upgraded from version 2.3.2 to 2.4. This includes the security fix CWD-2690 won't be visible to public that has been announced in Crowd 2.3.6 release notes - Crowd 2.3.6 Release...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/04 9:29 a.m.23 views

Add an option in User Directory settings to make an SSL LDAP connection but without verifying that the hostname and certificate match

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29213. panel Starting JIRA 5.1, the embedded crowd has been upgraded from version 2.3.2 to 2.4. This includes the security fix CWD-2690 won'...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/18 8:44 p.m.23 views

multimedia macro allows execution of arbitrary scripts

The multimedia macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user submitted swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/16 5:16 p.m.23 views

crowd.properties password entry in plain text

The entry application.password in JIRA's crowd.properties is in plain text, it needs to create an option to use encrypted or hashed value...

0.9AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295