Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2011/09/07 10:10 p.m.•21 views

View PDF Macro in Office Connector makes http fetch from Adobe from https session

The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test. http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...

6.8AI score
Exploits0
Atlassian
Atlassian
•added 2011/09/05 11:26 p.m.•21 views

XSS Vulnerability in Administration Interface of JIRA Bamboo Plugin

We have identified and fixed a cross-site scripting XSS vulnerability in JIRA administration interface. Affected version is JIRA 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various places on the web...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/09/05 3:18 p.m.•21 views

Inline attachment downloads vulnerable to XSS by setting tweaked HTML content type

Please see CONFDEV-9069 https://jira.atlassian.com/browse/CONFDEV-9069 for the current issue addressed at fixing attachment XSS vulnerabilities. --- TLDR: white-list mime-types which can be served "inline" and don't let the user set arbitrary mime-types. I have been having a good laugh sorry...

6.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/08/25 3:13 p.m.•21 views

Better error message when viewing an embedded calendar as an unprivileged user

On our site's dashboard I have a calendar macro defined as: codecalendar:id=8f564b4b-afed-4ceb-b206-2e426f595648,a80c628d-5155-40bc-8a55-0874fb77bf71code The result is something that looks like this: !User with View Rights.JPEG! After using the new features from TEAMCAL-102 to restrict view acces...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/07/12 2:32 a.m.•21 views

GeneralUtil.htmlEscapeQuotes should be annotated HtmlSafe

The GeneralUtil.htmlEscapeQuotes method outputs HTML and thus should be annotated as @HtmlSafe. Not doing so causes its output to be double escaped when automatic escaping is enabled for the plugin/velocity template...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/06/29 5:37 p.m.•21 views

On internal error, JIRA will display error information to the user (in the browser)

When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/05/23 1:48 a.m.•21 views

Members of confluence-administrators receive notifications for comments and attachments on restricted pages

Members of the special confluence-administrators group have access to all content on the site, however they should not see restricted content in search results or get notifications about changes on restricted pages. There is a bug in the permission check for notifications about "contained" object...

3.2AI score
Exploits0
Atlassian
Atlassian
•added 2011/05/06 8:26 p.m.•21 views

When configured for Internal Database with LDAP for Authentication Only, Confluence does not check the LDAP when authenticating users

Configured Confluence to keep and manage users in its internal database, but to first try to use LDAP for authentication only, via the new interface. Debug output suggests Confluence is not bothering to check the LDAP at any point during the authentication process. More detail is available here:...

1.6AI score
Exploits0
Atlassian
Atlassian
•added 2011/04/26 9:8 a.m.•21 views

"Forgot Password" feature should not reveal that a given username exists within Confluence for security reason

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-22388. panel It is possible to see which user exists on Confluence or not from within "Forgot Password" link. This is bad for...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/03/23 2:52 a.m.•21 views

Profile picture thumbnail generation can consume unlimited amount of memory

Discovered a Studio customer, you can upload a very large profile picture to expose the same problem as CONF-21480, just in a different area of the application. We should limit the size of images we're willing to load into memory to avoid this problem with user pictures...

1.6AI score
Exploits0
Atlassian
Atlassian
•added 2011/02/09 1:53 p.m.•21 views

User Enumeration

Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...

1.1AI score
Exploits0
Atlassian
Atlassian
•added 2011/01/03 4:39 p.m.•21 views

Admin menu items displayed to non-admins when accessing "Global Templates" page

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-21562. panel When accessing the "Global Templates" menu as a non-admin, the navigation controls for the administration panel are...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/11/23 3:38 a.m.•21 views

Increase the web session timeout from 60 minutes to 300 minutes

Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2010/11/03 3:44 a.m.•21 views

Security Vulnerability in Confluence Remote API

We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/09/27 5:20 p.m.•21 views

Non-secure content warning in IE8 on the Dashboards screen caused by the wiki renderer

Wiki renderer-generated contents e.g. in the activity stream include references to icons with http prefix that cause IE8 to generate security warnings for JIRA instances accessible via HTTPS. To reproduce it, have contents in the activity stream gadget contain icons included by the wiki renderer,...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/25 1:56 a.m.•21 views

XSS vulnerability in the Office Connector

We have identified and fixed a cross-site scripting XSS vulnerability which may affect Confluence instances in a public environment. The XSS vulnerability is exposed in the document import function of the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/08/18 6:38 a.m.•21 views

websudo annotation backwards compatibility (Confluence 3.3)

Following this guide|http://confluence.atlassian.com/pages/viewpage.action?pageId=219021702, I started to use the websudo annotations to secure an XWork action that would process a form in the space admin tab. The plugin is meant to work with Confluence 3.3 and I haven't released a public version...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/07/13 11:26 a.m.•21 views

sudo is decorated with global decorator

The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use confluence. By decorating the sudo login pages using the global decorator it exposes the user to...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/06/21 3:40 a.m.•21 views

XSS vulnerability in PDF export

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 1:3 a.m.•21 views

Not all error strings are encoded

A XSS vulnerability where a string could bypass the Anti-XSS mechanism has been identified. This issue corrects this problem. The severity of this issue is rated as LOW. Please see http://confluence.atlassian.com/x/ZILmD for information on other security related issues and our rating system...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/19 3:11 a.m.•21 views

brute force password attack protection by default

We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/19 2:59 a.m.•21 views

Group picker popup JSP has XSS hole if group names are XSS shaped

If a group name has a XSS shaped name, then the group picker will allow scripts to be executed...

1AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/16 5:9 a.m.•21 views

500page.jsp contains HTTP Header XSS vulnerability

The 500page.jsp contains an XSS vulnerability via the 'Referrer' HTTP header...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/16 5:6 a.m.•21 views

screenshot-redirecter.jsp XSS attach via the afterURL parameter

The screenshot-redirector.jsp does note escape the 'afterURL' URL parameter correctly, leading to an XSS attack vector...

3.3AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/16 5:4 a.m.•21 views

issuelinkssmall.jsp has an XSS hole via the URL used to access it

The issuelinkssmall.jsp has an XSS hole, where if the URL contains an XSS string, the ww:url tag will include that tag in the page because the value attribute was left empty...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/03/01 3:54 a.m.•21 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0
Atlassian
Atlassian
•added 2010/02/04 9:0 p.m.•21 views

Confluence adminsistrators can still view a restricted page if the type in the URL or click on a link in an email

If I set page viewing restrictions on a wki page to one group of which I am a member, other users, including confluence adminsistrators, cannot see the page when navigating within the application. If they type in the URL of the restricted page or click on a link to the restricted page, then can...

2.7AI score
Exploits0
Atlassian
Atlassian
•added 2009/11/02 4:19 a.m.•21 views

deleted page is still accessible in Confluence when accessing via viewpage.action?pageId in the url

Deleted pages can still be accessed in Confluence when one enters their pageId in the url. For example: noformat http://confluence.atlassian.com/pages/viewpage.action?pageId=196837485 http://confluence.atlassian.com/display/CONFKB/Office+Connector noformat The links above are referring to the sam...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2009/09/24 7:28 a.m.•21 views

XSS in header for Personal Spaces

Create a user with username "alert'hahahaha' User creates a personal space Try to add a page to the personal space This is caused by code code However since the personal space doesn't work too well with usernames with crazy letters, I don't think its a Blocker...

2.7AI score
Exploits0
Atlassian
Atlassian
•added 2009/09/07 12:12 a.m.•21 views

Logout is not working on QA-EAC

Select 'Log Out' from the user menu. Note that you haven't been logged out...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/17 1:13 a.m.•21 views

XSS vulnerability can be exploited with the Userlister macro

Use the following markup: noformatuserlister:groups=alert'Vulerable'noformat Whenever the page is viewed, the script will be executed...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/17 1:13 a.m.•21 views

XSS vulnerability can be exploited with the Userlister macro

Use the following markup: noformatuserlister:groups=alert'Vulerable'noformat Whenever the page is viewed, the script will be executed...

1.6AI score
Exploits0
Atlassian
Atlassian
•added 2009/08/12 4:55 a.m.•21 views

XSS bug when unfavouriting a dashboard

When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2009/06/18 6:38 a.m.•21 views

XSS vulnerability in space name when page move would create a duplicate

Create a space called alert"XSS"; Find a page named 'Home' in a different space Move this page, choosing the previously created space as the destination The move will fail due to the duplicate page name, and the script will be run...

1.4AI score
Exploits0
Atlassian
Atlassian
•added 2009/05/21 8:5 a.m.•21 views

Viewfile macros do not respect page restrictions

Add a page Set viewing restrictions to user1 only Add an attachment - 'Sample.doc' Log in as user2 - confirm that you cannot see the restricted page Add a page, and use the viewfile macro Enter the location of the attachment on the restricted page The contents of the attachment can now be viewed ...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/05/20 6:9 a.m.•21 views

Jiraissues add icon mapping configuration is susceptible to XSS

Combined with XSRF susceptibility via CONF-15753; you can craft an attack to get elevated privileges in Confluence. !http://img.skitch.com/20090520-x5gug8e8q5snabtmm2i2kdx1p.jpg!...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/04/24 5:21 p.m.•21 views

Shared Filter properties exposed without authentication

Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal. Example 1: Searching filters http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search Example 2: Viewing properties of filters. I can see custom fields, sear...

0.8AI score
Exploits0
Atlassian
Atlassian
•added 2009/04/21 1:28 a.m.•21 views

Import Pages is not restricted to system admins

The Import pages actions is currently restricted to space admins not system admins like it should. Caused by CONF-10039...

2.7AI score
Exploits0
Atlassian
Atlassian
•added 2009/04/10 4:45 a.m.•21 views

Partial space admin permission/authority

I followed these guidelines, but this is not fine grained enough. http://confluence.atlassian.com/display/DOC/Global+Permissions+OverviewGlobalPermissionsOverview-confluenceadmin We need to prevent space admin adding new permission to their space. We prefer to manage space permission by the...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/04/09 1:34 a.m.•21 views

Update JIRA certificate for Screenshot Applet and others. It expires in June 2009

See https://extranet.atlassian.com/jira/browse/ADM-3253 Move Steves branch into trunk in the process. Also I think the build environment might need direct updating...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/04 6:44 a.m.•21 views

Fix header injection vulnerabilities

A number of vulnerabilities were found during JRA-16024 which expose JIRA to header injection attacks: Note that different application server configurations may expose or hide the presence of a header injection vulnerability. Standalone tomcat is usually not vulnerable. Tomcat 5.5.26 redirects al...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/04 6:44 a.m.•21 views

Fix header injection vulnerabilities

A number of vulnerabilities were found during JRA-16024 which expose JIRA to header injection attacks: Note that different application server configurations may expose or hide the presence of a header injection vulnerability. Standalone tomcat is usually not vulnerable. Tomcat 5.5.26 redirects al...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2008/10/20 8:13 a.m.•21 views

XSS bug in wiki markup link rendering

The following wikimarkup creates links with an onclick event. noformat test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' noformat This is due to the following code in...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/09/15 4:14 p.m.•21 views

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Exploits0
Atlassian
Atlassian
•added 2008/09/08 8:18 a.m.•21 views

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...

0.8AI score
Exploits0
Atlassian
Atlassian
•added 2008/08/29 6:36 p.m.•21 views

Pages that inherit page restrictions are not respecting those restrictions after upgrade to Confluence 2.9

Tested and verified in both customer enviornment and in test enviornment. In the event that you have a parent page restriction and a child page that inherits that restriction, upon upgrade, 2.9 will only respect the explicit parent permission in terms of security trims and actual access but not...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2008/08/25 10:33 a.m.•21 views

Hidden pages' content can be viewed without permission using diffpages.action

If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. EG: Two spaces A and B Page with id 1 is in Space A Page with id 2 is in Space B User cannot see Space A User can see Space ...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2008/08/25 10:28 a.m.•21 views

Hidden pages' content can be viewed without permission using copypage.action

If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. EG: Two spaces A and B Page with id 1 is in Space A User cannot see Space A User can see Space B The following URL will allo...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2008/07/12 2:44 p.m.•21 views

Confluence breaks SSO integration (PATCH)

A long time ago when I wrote our authenticator for wikis.sun.com, I noticed that under some circumstances our SSO server didn't redirect back to wikis.sun.com correctly. It redirected to a confluence URI without specifying the host and the domain, which resulted in the browser ending up on our SS...

1AI score
Exploits0
Atlassian
Atlassian
•added 2008/06/14 3:37 p.m.•21 views

XSS using onerror

We had a user enter a viagra ad that actual redirected to their site. I think the offending code was here: although obviously they didn't use example.com I've attached the whole page for examination...

2.8AI score
Exploits0
Total number of security vulnerabilities4295