Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2013/10/30 9:24 a.m.21 views

XSS vulnerability in JIRA description field

Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2013/10/24 7:34 a.m.21 views

Missing access controls in loadattachmentversions action

The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2013/10/17 4:58 a.m.21 views

Miscellaneous actions are vulnerable to CSRF

This issue is to track the following subset of actions from CONF-27690: StartClusterAction, execute ExternalUserConnectivityAction, execute HandleNameConflictsAction, execute FlushIndexQueueAction, execute ContentRemigrationAction, execute...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/10 11:28 p.m.21 views

CSRF in resetstylesheet.action

SpaceEditStylesheetAction.doReset EditStylesheetAction.doReset...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/08 4:38 a.m.21 views

XSS in Hot Referrers

To reproduce: 1. Run the following command, replacing \PAGEURL with the URL of a new page and \USERNAME and \PASSWORD with your credentials if anonymous access is not enabled: code:none curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si code 2. Repeat step 1 a few...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 11:7 a.m.21 views

Doconfiguretheme action accessible to non-administrative users

The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence including anonymous users, if anonymous use of Confluence is allowed. If this action is executed with no...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 9:22 a.m.21 views

RSS Macro should not trust all content from the origin server by default.

The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 9:6 a.m.21 views

Persistent cross-site scripting (XSS) via DailyMotionRenderer

A number of renderer classes used by the widget macro were previously identified that contained URL validation flaws leading to persistent cross-site scripting XSS vulnerabilities. The modified classes now make use of the isUrlMatch method from the WidgetConnectorUtil class in the implementation ...

6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/30 7:48 a.m.21 views

XSS in admin/ViewIssueFields.jspa

Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/27 6:49 a.m.21 views

SSL Cipher suites are not configurable

Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 5:6 p.m.21 views

User invite functionality available to non-admins

The REST API which manages user invites ensures that only adminstrators can generate a new invite token. However, no similar access controls are present on the methods which are used to invite new users, or to revert to the previous security token – these can be successfully called by any...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.21 views

Implement clickjacking protection on https://answers.atlassian.com/

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.21 views

Implement clickjacking protection on https://answers.atlassian.com/

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/18 11:49 p.m.21 views

Can force a Java heap space OOME when passing a high startIndex value in the URL

h4. Steps to reproduce Start Confluence 5.2.3 Navigating to the following URL: http:///dosearchsite.action?queryString=1&startIndex=268435455 or some other high startIndex value The browser will spin, and logs will eventually display an out-of-memory error code 2013-09-18 17:13:19,808 ERROR...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/18 11:49 p.m.21 views

Can force a Java heap space OOME when passing a high startIndex value in the URL

h4. Steps to reproduce Start Confluence 5.2.3 Navigating to the following URL: http:///dosearchsite.action?queryString=1&startIndex=268435455 or some other high startIndex value The browser will spin, and logs will eventually display an out-of-memory error code 2013-09-18 17:13:19,808 ERROR...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 6:43 a.m.21 views

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 6:17 a.m.21 views

Resource file path traversal in IconDownloadResourceManager

To reproduce: 1. Create a new page title doesn't matter. 2. Insert an image with URL: code:none /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties code with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/11 8:30 a.m.21 views

getRedirect in JiraWebActionSupport redirects to unsafe URLs by default

In jira-components/jira-api/src/main/java/com/atlassian/jira/web/action/JiraWebActionSupport.java the following code is found: code:java / Redirects to the value of @code getReturnUrl, falling back to @code defaultUrl if the @code returnUrl is not set. This method clears the @code returnUrl. If...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/11 7:3 a.m.21 views

Arbitrary file creation in AbstractRendererExporterImpl

To reproduce: 1. Create a new space. 2. Create a new page. 3. Attach a file called test.txt to the page. 3. Edit the page, and add an image with the URL: code /confluence/s/download/attachments/pageid//../../../../../../../../../../../../tmp/test.txt code \pageid\ must be replaced with the actual...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2013/08/26 11:42 p.m.21 views

CSRF in gadgets plugin

The affected methods are: AddOrRemoveGadgetSpecAction, doAdd AddOrRemoveGadgetSpecAction, doRemove AddOrRemoveGadgetFeedAction, doAddGadgetFeed AddOrRemoveGadgetFeedAction, doRemoveGadgetFeed WhitelistAdminAction, doAddWhitelistUrl WhitelistAdminAction, doRemoveWhitelistUrl RevokeOAuthTokensActio...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/20 2:11 a.m.21 views

Regression - "Browse Project" permission for "Reporter" grants users to see projects they are not permitted to.

Regression of JRA-4935 When i add the "Reporter" to the "Browse Project" Permission of one project. This project instantly becomes visible to ALL usersvia the project table portlet, if they have any kind of permission to see this project or not. So all users can see this project, but can't see an...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/03 8:0 a.m.21 views

OGNL double evaluation in atlassian-xwork

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.21 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Sav...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/16 4:47 p.m.21 views

XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/01 4:53 a.m.21 views

Reflected XSS in JIRA Admin Panel (Delete User)

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/26 2:56 p.m.21 views

Agile board "Add Status" button is not available unless you are member of jira-administrators

As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/05/13 2:46 p.m.21 views

https://jira.atlassian.com/500page.jsp

this page shows all the data about JIRA instance to intruder. It makes it more vulnerable when you know the whole setup...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/29 3:41 a.m.21 views

SPAM via Answer

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47171. panel I have received an email notification containing a link as an aswer one of my questions. It turns out that a spam....

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.21 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/04/15 3:54 a.m.21 views

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/10 7:5 p.m.21 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if enable both HTTP8090 and HTTPS8433 and 'Server Base Url' is set to HTTP. Reproduce procedures 1. Access confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menu at the left side eg. All spaces etc. then click link ...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/20 6:9 a.m.21 views

Custom Seraph Authenticators broken in Confluence 5.0

The constructor signature of com.atlassian.confluence.event.events.security.LoginEvent changed between Confluence 4.3.x and 5.0 - an additional String parameter was added to the constructor. From this: code public LoginEventObject src, String username, String sessionId, String remoteHost, String...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/18 8:33 a.m.21 views

Activity stream not respecting parent page restrictions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...

1AI score
Exploits0
Atlassian
Atlassian
added 2013/03/06 1:6 a.m.21 views

XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]

Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/08 12:24 p.m.21 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /atlassian-jira/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2013/01/02 2:49 a.m.21 views

Unsafe i18n calls

The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties. Additionally, seemingly safe changes to these i18n keys...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:52 p.m.21 views

BuildEdgeIndexServlet XSRF

The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:33 p.m.21 views

Fix XSS vulnerabilities in managereferrers.vm and importword.vm

Scope of this issue is to address two specific XSS vulnerabilies. The scope of fixing i18n parameters is tracked elsewhere|https://jira.atlassian.com/browse/CONF-15548. Please see the comment below for...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/05 10:10 a.m.21 views

XSS in Issue Collector

Hi Atlassian! There is a XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...

3.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 3:43 a.m.21 views

Reflected xss in the System Notifications administration resource

The System Notifications administration resource is vulnerable to reflected xss through the url used to address the resource and any included parameters. For example: 1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action 2...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/04 12:4 a.m.21 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.21 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/12 6:20 p.m.21 views

User email showing in suggestions section with visibility set to hidden

Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: Email Visibility set to show user emails Assign issue to test user Set Email Visibility to Hidden Go to assign issue and search for user in the Assignee field Previous...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/12 3:55 a.m.21 views

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/07 4:57 a.m.21 views

The application should return caching directives instructing browsers not to store local copies of any sensitive data.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29625. panel We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/29 11:13 a.m.21 views

Inherit Edit Restrictions for Child Pages

As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions: quote'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editiing of pages. See...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/20 6:19 a.m.21 views

GH Webwork actions are vulnerable to XSRF.

GHCreateNewIssue.jspa is not protected against XSRF attacks. Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa...

3.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/16 2:13 p.m.21 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 5:34 a.m.21 views

ValidationHash generation should use random.SystemRandom instead of random class

ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a random seed for new hash objects. code from random import Random .... class ValidationHashManager models.Manager : def generatemd5hash self, user, type, hashdata, seed : return md5...

0.6AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295