4295 matches found
XSS in Mail Whitelist Field
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61963. panel Jira Admins can create a persistant XSS on the Incoming Mail configuration page. When the value code "alert1 code is inserted in...
XSS in newFileName Field
From an external report: quote Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the...
JIRA puts a user's XSRF token in various resources.
h5.Steps to Reproduce: Log into JIRA Log out from JIRA h5.Expected Results: The URL shown in the address bar does not show the atltoken value h5.Actual Results: The URL shown in the address bar shows the atltoken value h5.Impact After checking with the security teams, this appears to be a low ris...
The "Restrict to articles with labels" option doesn't restrict the customer portal from suggesting KB's other than those with the nominated Label
h3. Summary Currently we have the "Restrict to articles with labels", where you can specify the label for a request. When a customer is filling the summary for a request, SD will search the knowledge base for similar content from confluence pages with that label. However, the customer portal sear...
Permission issues with projects and reviews
There are 2 issues related to permission schema. They were grouped together into a single issue, marked with a security label. h4. Issue 1 User visited in the past Project A. Also he has visited a review raised in Project A. FeCru allows him to access those recent items using the menu on top...
Security Issue with multimedia playback on Mac OSX
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-41124. panel Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to mak...
XSS vulnerability found in profile settings
There was a XSS vulnerability found in profile settings pages...
Customer can see Internal Comment created by Automation Action
h5. Environment - run JIRA from atlas-debug - JIRA 7.0.5 - JIRA Service Desk 3.0.5 h5. Steps to reproduce Create Service Desk project go to Administration - Automation tab click New rule - Custom rule add Trigger Issue Created add Action Add comment put some Comment text and select Internal as...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
One FishEye admin can get access to repository password provided by another admin
It was possible to retrieve the repository passwords provided by another administrator via web browser session. It was fixed now, so password can still be changed or unset if necessary, but it is not possible to read its contents...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
Enable X-FRAME-Option in HTTP response headers in order to provide clickjacking protection
Crowd is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to frame crowd from a page hosted in a different domain and trick the user into performing an action they did not intend to perform, for example changing their display name. This issue can be...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Upgrade to version 3.2.2 of apache commons-collections
quote This v3.2.2 release is a bugfix release, fixing several bugs present in the previous releases of the 3.2 branch. Additionally, this release provides a mitigation for a known remote code exploitation via the standard java object serialization mechanism. By default, serialization support for...
XSS in review file paths
We have identified a XSS vulnerability introduced in Crucible 3.9.0. Fix was included in 3.9.1 version released publicly on September 10th, 2015...
Prevent Activity feed information leakage by allowing permanently disabling of it
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-45601. panel It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...
Migrating JIRA/Confluence from Cloud to Cloud reactivates inactive users
h3. Summary Admin migrated a Cloud instance of JIRA/Confluence to a new base URL. During the migration to the new JIRA/Confluence instance, inactive users became active. h3. Environment JIRA Cloud Confluence Cloud h3. Steps to Reproduce Create a user in JIRA Cloud Deactive user. Make inactive...
SEN available in HTTP Response headers
Cloned from JRA-45188 h3. Summary Seems we're giving away our Support Entitlement Numbers SEN in our HTTP response headers. Risk here is that users who obtain these can then get free support in SAC. h3. Environment JIRA and Confluence Server JIRA and Confluence Cloud Potentially other apps h3...
Disabled Users Receive Notification from Team Calendar
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48834. panel h3. Summary Confluence disabled users that subscribed to a calendar still receive notifications when calendar have...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
h3. Problem Definition As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis. At the moment, the setting is applied at a global basis, which does not work if you want attachments to be downloaded/displayed inline depending on the...
Users with only View Space permission are able to edit Space Questions
h2. Problem Summary Users are able to edit any Space Questions as long as they have View permissions for that space. This includes questions asked by other users. Users do not need to have Space Admin or even Add/Edit Page permissions to the space, only View is required. This is inconsistent when...
Advanced JQL Search does not Respect User email visibility Hidden
h4. Problem The advanced JQL autocomplete functionality is still showing email addresses, ignoring the User email visibility option. Basic mode does not show emails See screenshots h4. Steps to Reproduce Set User email visibility to Hidden JIRA Administration System General Configuration Edit Use...
Advanced JQL Search does not Respect User email visibility Hidden
h4. Problem The advanced JQL autocomplete functionality is still showing email addresses, ignoring the User email visibility option. Basic mode does not show emails See screenshots h4. Steps to Reproduce Set User email visibility to Hidden JIRA Administration System General Configuration Edit Use...
Sensitive information displayed in anonymous REST API calls
h4. Expected behavior Block sensitive information from being displayed on anonymous REST API calls in JIRA. h4. Actual behavior Users' full-name are displayed when running the calls below: noformat /user/picker?query= /groupuserpicker?query=ali&showAvatar noformat Default fields and custom fields...
Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. h3. Workaround for 5.7 There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...
Application Navigator shows full list of links, including restricted ones
If a user has access to JIRA, but not Confluence, and try to go to a Confluence page, the access error page itself will have the hamburger menu with a full, unrestricted list of all links set up. We have a couple links pointing to code repositories and an older, archived issue tracker. The former...
Administrator role has access to restricted pages
Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...
Administrator role has access to restricted pages
Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...
Information disclosure - full path disclosure
Jira displays charts on the dashboard by writting a temporary file in Jira "tmp" folder and reading it through a page called "charts" When the filename provided to this page is not present, an error message displays the full path to the "tmp" folder, which lies in Jira directory. This is a...
Stash email settings fields can be inadvertently be populated by browser with user login details - security issue
The email and username password in the email server settings screen has the same names as the username and password fields when logging in. This has the unintentional side affect of being pre-populated by your browser if you have left the mail server credentials blank and your browser has saved...
Project administrator is able to migrate Permission Scheme
panel:title=Atlassian status update as of 12th July 2018 Hello Customers, We’ve addressed this bug and the fix is available on all version of Jira Service Desk 3.9 and above. For more information please refer to the documentation here...
Bitbucket repository configuration doesn't offer SSH
When you add a new Bitbucket repository, you can only enter a username/password for authentication. If you want to use SSH, you should fallback to the generic 'Git' repository host. SSH should be offered as an option in the Bitbucket configuration. As an intermediate solution you can add a...
Confluence Security Settings not respected by Confluence Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...
Disabled users still recieve 'Share Page' emails sent to groups
Steps to Reproduce in Confluence: Create a user, and set to 'Disabled' Create a Group and make this user a member of this group Share a page with the group This results in an email being sent to the inactive user Steps to Reproduce with a Crowd server handling user management: Same as above, but...
Disabled users still recieve 'Share Page' emails sent to groups
Steps to Reproduce in Confluence: Create a user, and set to 'Disabled' Create a Group and make this user a member of this group Share a page with the group This results in an email being sent to the inactive user Steps to Reproduce with a Crowd server handling user management: Same as above, but...
Draft retrieval in the editor doesn't respect page or space permissions
Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...
Child pages permissions are not respected in Popular Tab
mfernandezbadii posted this on CONF-33207: quote I found that restricted child pages not the whole space, will still show on the Popular Tab. Example: User can browse a Space. Restricted page is created and user can't browse it or see it in the Popular Tab. Child page is created: User can't brows...
Escape or filter script tags in "all activity" panel
We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...
Reflected XSS affecting Confluence via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
Reflected XSS affecting JIRA via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
Crowd User Directory application password stored in plain text
Table: cwddirectoryattribute Column: attributevalue How to Verify in my environment: Connect to JIRA database using psql and run query: code select attributevalue from cwddirectoryattribute where attributename = 'application.password' code Note how the returned value is the plain text value of th...
Stash uses plain text passwords in the database for the Crowd User Directory
I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...
Persistent Cross Site Scripting Flaw in User Profiles
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...
Indexable User Content (Attachments) on Google
User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rules such as those in /robots.txt. Additionally, such content being indexed can be removed from Google by consulting Google's Webmaster tools. An example of indexable content is below:...
Multiple CSRF vulnerabilties in Question/Answer Threads
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47240. panel Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such...