Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2012/09/18 3:36 p.m.•21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/18 3:36 p.m.•21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/09/07 4:57 a.m.•21 views

The application should return caching directives instructing browsers not to store local copies of any sensitive data.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29625. panel We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/08/29 11:13 a.m.•21 views

Inherit Edit Restrictions for Child Pages

As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions: quote'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editiing of pages. See...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/08/20 6:19 a.m.•21 views

GH Webwork actions are vulnerable to XSRF.

GHCreateNewIssue.jspa is not protected against XSRF attacks. Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa...

3.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/08/16 2:13 p.m.•21 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/08/04 9:29 a.m.•21 views

Add an option in User Directory settings to make an SSL LDAP connection but without verifying that the hostname and certificate match

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29213. panel Starting JIRA 5.1, the embedded crowd has been upgraded from version 2.3.2 to 2.4. This includes the security fix CWD-2690 won'...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/27 5:34 a.m.•21 views

ValidationHash generation should use random.SystemRandom instead of random class

ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a random seed for new hash objects. code from random import Random .... class ValidationHashManager models.Manager : def generatemd5hash self, user, type, hashdata, seed : return md5...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/03 7:8 a.m.•21 views

XSS vulnerability in Office Connector plugin

From: OFFCONN-81: Using "office excel"-macro as part of viewfile, which is part of office connector plugin seems to open up the possibility to get injected with XSS-code. Steps to reproduce: 1. Create an excel-file with following content in one cell: code '"alert'XSS' code 2. Attach this file to ...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/08 5:13 a.m.•21 views

Several REST interfaces vulnerable to XSRF

Several REST web services are vulnerable to XSRF|https://www.owasp.org/index.php/Cross-SiteRequestForgeryCSRF, allowing malicious web pages to execute them under the context of a logged in users browser. It's understood that JIRA REST interfaces are typically protected against XSRF based on the...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/06 11:36 p.m.•21 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0
Atlassian
Atlassian
•added 2012/05/04 3:19 a.m.•21 views

CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen

The administration screen which facilitates the addition of new custom field options is vulnerable to csrf, as it does not check that the atltoken submitted is in fact legitimate for the user submitting it you can put in any value for the token field. To access this screen you can go to a url...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/04 3:19 a.m.•21 views

CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen

The administration screen which facilitates the addition of new custom field options is vulnerable to csrf, as it does not check that the atltoken submitted is in fact legitimate for the user submitting it you can put in any value for the token field. To access this screen you can go to a url...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2012/04/24 1:41 p.m.•21 views

The vulnerability exists in the standalone and also in the online demonstration enviroment.

It is possible to anonymously enumerate all usernames via the script at /rest/prototype/1/search/user.json?max-results=10&query=XX. The 'query' GET parameter should contain at least two charakters. It is possible to enumerate all usernames by performing a search from 'query' value 'aa' to 'zz'...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/04/19 4:31 a.m.•21 views

admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'

admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/04/19 1:12 a.m.•21 views

restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token

In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/04/12 2:24 p.m.•21 views

Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-25189. panel When Confluence ancestor CONFANCESTORS table gets out of sync or corrupted. Page View restriction are not inherited...

Exploits0
Atlassian
Atlassian
•added 2012/03/22 10:54 p.m.•21 views

Disable browser password save on Admin page in Firefox

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-25008. panel In Chrome, Safari and IE there is no browser prompt to store the password but on Firefox both Mac and Windows I get...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/02/08 4:27 a.m.•21 views

RSS feed over entire site gives information on restricted pages the user should not see

A customer has reported this issue via a comment on the documentation: http://confluence.atlassian.com/display/DOC/Working+with+RSS+Feeds?focusedCommentId=276627497comment-276627497 quote When someone has an RSS feed covering the whole Confluence instance, he is informed about changes in restrict...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2012/02/06 8:21 p.m.•21 views

Comment field on GH cards do not respect the comment visibility.

If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/10/25 3:34 a.m.•21 views

XSS vulnerability in user's profile display name

We have identified and fixed a stored cross-site scripting XSS vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5 XSS vulnerabilities allow an attacker to embed their own JavaScript into a FishEye page. You can read more about XSS attacks at various...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/10/25 3:34 a.m.•21 views

XSS vulnerability in user's profile display name

We have identified and fixed a stored cross-site scripting XSS vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5 XSS vulnerabilities allow an attacker to embed their own JavaScript into a FishEye page. You can read more about XSS attacks at various...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2011/09/07 10:10 p.m.•21 views

View PDF Macro in Office Connector makes http fetch from Adobe from https session

The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test. http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...

6.8AI score
Exploits0
Atlassian
Atlassian
•added 2011/09/05 11:26 p.m.•21 views

XSS Vulnerability in Administration Interface of JIRA Bamboo Plugin

We have identified and fixed a cross-site scripting XSS vulnerability in JIRA administration interface. Affected version is JIRA 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various places on the web...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/09/05 3:18 p.m.•21 views

Inline attachment downloads vulnerable to XSS by setting tweaked HTML content type

Please see CONFDEV-9069 https://jira.atlassian.com/browse/CONFDEV-9069 for the current issue addressed at fixing attachment XSS vulnerabilities. --- TLDR: white-list mime-types which can be served "inline" and don't let the user set arbitrary mime-types. I have been having a good laugh sorry...

6.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/08/25 3:13 p.m.•21 views

Better error message when viewing an embedded calendar as an unprivileged user

On our site's dashboard I have a calendar macro defined as: codecalendar:id=8f564b4b-afed-4ceb-b206-2e426f595648,a80c628d-5155-40bc-8a55-0874fb77bf71code The result is something that looks like this: !User with View Rights.JPEG! After using the new features from TEAMCAL-102 to restrict view acces...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/07/12 2:32 a.m.•21 views

GeneralUtil.htmlEscapeQuotes should be annotated HtmlSafe

The GeneralUtil.htmlEscapeQuotes method outputs HTML and thus should be annotated as @HtmlSafe. Not doing so causes its output to be double escaped when automatic escaping is enabled for the plugin/velocity template...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/06/29 5:37 p.m.•21 views

On internal error, JIRA will display error information to the user (in the browser)

When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/05/23 1:48 a.m.•21 views

Members of confluence-administrators receive notifications for comments and attachments on restricted pages

Members of the special confluence-administrators group have access to all content on the site, however they should not see restricted content in search results or get notifications about changes on restricted pages. There is a bug in the permission check for notifications about "contained" object...

3.2AI score
Exploits0
Atlassian
Atlassian
•added 2011/05/18 1:8 a.m.•21 views

HTML file type attachments are automatically rendered in IE.

h1. Steps to reproduce Create following HTML file and upload to any of Confluence page. code alert"Cookie: " + document.cookie; code Open the file on Internet Explorer 7. Then, you will see the javascript in that HTML file executed automatically. Issue happens with IE9,8,7 with Confluence 3.5...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/05/06 8:26 p.m.•21 views

When configured for Internal Database with LDAP for Authentication Only, Confluence does not check the LDAP when authenticating users

Configured Confluence to keep and manage users in its internal database, but to first try to use LDAP for authentication only, via the new interface. Debug output suggests Confluence is not bothering to check the LDAP at any point during the authentication process. More detail is available here:...

1.6AI score
Exploits0
Atlassian
Atlassian
•added 2011/04/26 9:8 a.m.•21 views

"Forgot Password" feature should not reveal that a given username exists within Confluence for security reason

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-22388. panel It is possible to see which user exists on Confluence or not from within "Forgot Password" link. This is bad for...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/03/23 2:52 a.m.•21 views

Profile picture thumbnail generation can consume unlimited amount of memory

Discovered a Studio customer, you can upload a very large profile picture to expose the same problem as CONF-21480, just in a different area of the application. We should limit the size of images we're willing to load into memory to avoid this problem with user pictures...

1.6AI score
Exploits0
Atlassian
Atlassian
•added 2011/02/09 1:53 p.m.•21 views

User Enumeration

Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...

1.1AI score
Exploits0
Atlassian
Atlassian
•added 2011/01/03 4:39 p.m.•21 views

Admin menu items displayed to non-admins when accessing "Global Templates" page

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-21562. panel When accessing the "Global Templates" menu as a non-admin, the navigation controls for the administration panel are...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/11/23 3:38 a.m.•21 views

Increase the web session timeout from 60 minutes to 300 minutes

Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2010/11/03 3:44 a.m.•21 views

Security Vulnerability in Confluence Remote API

We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/10/05 12:52 a.m.•21 views

Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication

When user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication which is different from atlassian-user, the password validation will fail. h3. Resolution This is fix...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/25 2:4 a.m.•21 views

XSRF vulnerability in the Mail Page plugin

We have identified and fixed a cross-site request forgery XSRF vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Mail Page plugin. Note that the Mail Page plugin is disabled by default. If you do not have this plugin...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/25 1:56 a.m.•21 views

XSS vulnerability in the Office Connector

We have identified and fixed a cross-site scripting XSS vulnerability which may affect Confluence instances in a public environment. The XSS vulnerability is exposed in the document import function of the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/18 6:38 a.m.•21 views

websudo annotation backwards compatibility (Confluence 3.3)

Following this guide|http://confluence.atlassian.com/pages/viewpage.action?pageId=219021702, I started to use the websudo annotations to secure an XWork action that would process a form in the space admin tab. The plugin is meant to work with Confluence 3.3 and I haven't released a public version...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/07/13 11:26 a.m.•21 views

sudo is decorated with global decorator

The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use confluence. By decorating the sudo login pages using the global decorator it exposes the user to...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/06/21 3:40 a.m.•21 views

XSS vulnerability in PDF export

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 4:22 a.m.•21 views

Require user to answer CAPTCHA after three failed attempts

Require user to answer CAPTCHA after three failed attempts. For SOAP and XMLRPC this means that the user will have to open a browser to answer the CAPTCHA, similar to how google does it. This issue has been rated MODERATE. Please refer to http://confluence.atlassian.com/x/ZILmD for details on oth...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/19 3:11 a.m.•21 views

brute force password attack protection by default

We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/19 2:59 a.m.•21 views

Group picker popup JSP has XSS hole if group names are XSS shaped

If a group name has a XSS shaped name, then the group picker will allow scripts to be executed...

1AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/16 5:6 a.m.•21 views

screenshot-redirecter.jsp XSS attach via the afterURL parameter

The screenshot-redirector.jsp does note escape the 'afterURL' URL parameter correctly, leading to an XSS attack vector...

3.3AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/16 5:4 a.m.•21 views

issuelinkssmall.jsp has an XSS hole via the URL used to access it

The issuelinkssmall.jsp has an XSS hole, where if the URL contains an XSS string, the ww:url tag will include that tag in the page because the value attribute was left empty...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/03/01 3:54 a.m.•21 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0
Atlassian
Atlassian
•added 2010/02/04 9:0 p.m.•21 views

Confluence adminsistrators can still view a restricted page if the type in the URL or click on a link in an email

If I set page viewing restrictions on a wki page to one group of which I am a member, other users, including confluence adminsistrators, cannot see the page when navigating within the application. If they type in the URL of the restricted page or click on a link to the restricted page, then can...

2.7AI score
Exploits0
Total number of security vulnerabilities4295