Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2013/10/01 11:7 a.m.21 views

Doconfiguretheme action accessible to non-administrative users

The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence including anonymous users, if anonymous use of Confluence is allowed. If this action is executed with no...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 9:22 a.m.21 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 9:6 a.m.21 views

Persistent cross-site scripting (XSS) via DailyMotionRenderer

A number of renderer classes used by the widget macro were previously identified that contained URL validation flaws leading to persistent cross-site scripting XSS vulnerabilities. The modified classes now make use of the isUrlMatch method from the WidgetConnectorUtil class in the implementation ...

6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/30 7:48 a.m.21 views

XSS in admin/ViewIssueFields.jspa

Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/27 6:49 a.m.21 views

SSL Cipher suites are not configurable

Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.21 views

Implement clickjacking protection on https://answers.atlassian.com/

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.21 views

Implement clickjacking protection on https://answers.atlassian.com/

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2013/09/18 11:49 p.m.21 views

Can force a Java heap space OOME when passing a high startIndex value in the URL

h4. Steps to reproduce Start Confluence 5.2.3 Navigating to the following URL: http:///dosearchsite.action?queryString=1&startIndex=268435455 or some other high startIndex value The browser will spin, and logs will eventually display an out-of-memory error code 2013-09-18 17:13:19,808 ERROR...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/18 11:49 p.m.21 views

Can force a Java heap space OOME when passing a high startIndex value in the URL

h4. Steps to reproduce Start Confluence 5.2.3 Navigating to the following URL: http:///dosearchsite.action?queryString=1&startIndex=268435455 or some other high startIndex value The browser will spin, and logs will eventually display an out-of-memory error code 2013-09-18 17:13:19,808 ERROR...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 6:43 a.m.21 views

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 6:17 a.m.21 views

Resource file path traversal in IconDownloadResourceManager

To reproduce: 1. Create a new page title doesn't matter. 2. Insert an image with URL: code:none /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties code with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/11 7:3 a.m.21 views

Arbitrary file creation in AbstractRendererExporterImpl

To reproduce: 1. Create a new space. 2. Create a new page. 3. Attach a file called test.txt to the page. 3. Edit the page, and add an image with the URL: code /confluence/s/download/attachments/pageid//../../../../../../../../../../../../tmp/test.txt code \pageid\ must be replaced with the actual...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2013/08/26 11:42 p.m.21 views

CSRF in gadgets plugin

The affected methods are: AddOrRemoveGadgetSpecAction, doAdd AddOrRemoveGadgetSpecAction, doRemove AddOrRemoveGadgetFeedAction, doAddGadgetFeed AddOrRemoveGadgetFeedAction, doRemoveGadgetFeed WhitelistAdminAction, doAddWhitelistUrl WhitelistAdminAction, doRemoveWhitelistUrl RevokeOAuthTokensActio...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/20 2:11 a.m.21 views

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

Regression of JRA-4935 When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becomes visible to ALL usersvia the project table portlet, if they have any kind of permission to see this project or not. So all users can see this project, but can't see an...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/03 8:0 a.m.21 views

OGNL double evaluation in atlassian-xwork

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.21 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Sav...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/30 11:51 a.m.21 views

Better error handling when changing password with LDAP connected

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-34098. panel When configuring JIRA to connect to LDAP directory with Read/Write permission, user could encounter such error as the following...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/16 4:47 p.m.21 views

XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/11 8:18 a.m.21 views

Some of the REST resources in Navigator plugin are susceptible to XSRF attacks

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example: SaveFilterResource: Allow XSRF attack to change user's filter. SuppressedTipsResource UserSearchModeResource...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/26 2:56 p.m.21 views

Agile board "Add Status" button is not available unless you are member of jira-administrators

As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/04/29 3:41 a.m.21 views

SPAM via Answer

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47171. panel I have received an email notification containing a link as an aswer one of my questions. It turns out that a spam....

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.21 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/04/15 3:54 a.m.21 views

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/10 7:5 p.m.21 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if enable both HTTP8090 and HTTPS8433 and 'Server Base Url' is set to HTTP. Reproduce procedures 1. Access confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menu at the left side eg. All spaces etc. then click link ...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/20 6:9 a.m.21 views

Custom Seraph Authenticators broken in Confluence 5.0

The constructor signature of com.atlassian.confluence.event.events.security.LoginEvent changed between Confluence 4.3.x and 5.0 - an additional String parameter was added to the constructor. From this: code public LoginEventObject src, String username, String sessionId, String remoteHost, String...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/18 8:33 a.m.21 views

Activity stream not respecting parent page restrictions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...

1AI score
Exploits0
Atlassian
Atlassian
added 2013/03/06 1:6 a.m.21 views

XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]

Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/08 12:24 p.m.21 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /atlassian-jira/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/01/02 2:49 a.m.21 views

Unsafe i18n calls

The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties. Additionally, seemingly safe changes to these i18n keys...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:52 p.m.21 views

BuildEdgeIndexServlet XSRF

The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:33 p.m.21 views

Fix XSS vulnerabilities in managereferrers.vm and importword.vm

Scope of this issue is to address two specific XSS vulnerabilies. The scope of fixing i18n parameters is tracked elsewhere|https://jira.atlassian.com/browse/CONF-15548. Please see the comment below for...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/05 10:10 a.m.21 views

XSS in Issue Collector

Hi Atlassian! There is a XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...

3.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/10 7:37 a.m.21 views

JIRA REST API makes it easy to harvest email addresses

The JIRA REST API makes it easy to harvest email addresses as an anonymous user. 1. Go to https://jira.atlassian.com/browseJRA-22053 as anonymous. Note that you can't extract email addresses from this page unless the user has used an email address as her username. 2. Now go to...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 3:43 a.m.21 views

Reflected xss in the System Notifications administration resource

The System Notifications administration resource is vulnerable to reflected xss through the url used to address the resource and any included parameters. For example: 1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action 2...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 3:43 a.m.21 views

Reflected xss in the System Notifications administration resource

The System Notifications administration resource is vulnerable to reflected xss through the url used to address the resource and any included parameters. For example: 1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action 2...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2012/10/04 12:4 a.m.21 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/07 4:57 a.m.21 views

The application should return caching directives instructing browsers not to store local copies of any sensitive data.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29625. panel We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/29 11:13 a.m.21 views

Inherit Edit Restrictions for Child Pages

As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions: quote'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editiing of pages. See...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/20 6:19 a.m.21 views

GH Webwork actions are vulnerable to XSRF.

GHCreateNewIssue.jspa is not protected against XSRF attacks. Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa...

3.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/16 2:13 p.m.21 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/04 9:29 a.m.21 views

Add an option in User Directory settings to make an SSL LDAP connection but without verifying that the hostname and certificate match

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29213. panel Starting JIRA 5.1, the embedded crowd has been upgraded from version 2.3.2 to 2.4. This includes the security fix CWD-2690 won'...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/04 9:29 a.m.21 views

Add an option in User Directory settings to make an SSL LDAP connection but without verifying that the hostname and certificate match

Starting JIRA 5.1, the embedded crowd has been upgraded from version 2.3.2 to 2.4. This includes the security fix CWD-2690 won't be visible to public that has been announced in Crowd 2.3.6 release notes - Crowd 2.3.6 Release...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 5:34 a.m.21 views

ValidationHash generation should use random.SystemRandom instead of random class

ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a random seed for new hash objects. code from random import Random .... class ValidationHashManager models.Manager : def generatemd5hash self, user, type, hashdata, seed : return md5...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/03 7:8 a.m.21 views

XSS vulnerability in Office Connector plugin

From: OFFCONN-81: Using "office excel"-macro as part of viewfile, which is part of office connector plugin seems to open up the possibility to get injected with XSS-code. Steps to reproduce: 1. Create an excel-file with following content in one cell: code '"alert'XSS' code 2. Attach this file to ...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/06 11:36 p.m.21 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2012/05/04 3:19 a.m.21 views

CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen

The administration screen which facilitates the addition of new custom field options is vulnerable to csrf, as it does not check that the atltoken submitted is in fact legitimate for the user submitting it you can put in any value for the token field. To access this screen you can go to a url...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/04 3:19 a.m.21 views

CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen

The administration screen which facilitates the addition of new custom field options is vulnerable to csrf, as it does not check that the atltoken submitted is in fact legitimate for the user submitting it you can put in any value for the token field. To access this screen you can go to a url...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2012/04/24 1:41 p.m.21 views

The vulnerability exists in the standalone and also in the online demonstration enviroment.

It is possible to anonymously enumerate all usernames via the script at /rest/prototype/1/search/user.json?max-results=10&query=XX. The 'query' GET parameter should contain at least two charakters. It is possible to enumerate all usernames by performing a search from 'query' value 'aa' to 'zz'...

7AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295