4295 matches found
Hidden pages' content can be viewed without permission using copypage.action
If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. EG: Two spaces A and B Page with id 1 is in Space A User cannot see Space A User can see Space B The following URL will allo...
Confluence breaks SSO integration (PATCH)
A long time ago when I wrote our authenticator for wikis.sun.com, I noticed that under some circumstances our SSO server didn't redirect back to wikis.sun.com correctly. It redirected to a confluence URI without specifying the host and the domain, which resulted in the browser ending up on our SS...
XSS using onerror
We had a user enter a viagra ad that actual redirected to their site. I think the offending code was here: although obviously they didn't use example.com I've attached the whole page for examination...
SSO credentials not used in IssueViewURLHandler
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-15048. panel A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link ...
XSS in DWR
Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example...
Manage Watchers shows users with no permission
We have just upgraded to Jira 3.12.2 and like the new functionality when adding watchers to an issue. There is one problem with this though. It is showing all users, including users with no permissions. This means that all employees that stopped working here will show in the drop down. We do not...
Remember my password with LDAP
At the login screen, when we click on 'Remember my login on this computer' and login, everything works well. When we close the browser without logout, the login should be remember on this computer. When we try to get back into Jira, here's the bug that we have into our log file. 2008-04-22...
Some users' logins are not remembered using Tomcat
When using Confluence, and Tomcat 5.5.26 or Tomcat 6 some users may find that their logins are not remembered. This is because of a bug in Tomcat's cookie handling. This is logged against the Atlassian Seraph library used by Confluence as SER-117. SER-117 has been fixed, so we "just" need to use ...
XSS vulnerability in browseusers.vm
browseusers.vm does not escape usernames...
Watchers can see comments that they are not supposed to see via email notifications
We have email notifications switched on for our live version of JIRA. If you watch an issue then you receive an email each time somebody comments on that issue. This email contains information about the issue including the comment that was added. This is great as it allows people to keep up to da...
Watchers can see comments that they are not supposed to see via email notifications
We have email notifications switched on for our live version of JIRA. If you watch an issue then you receive an email each time somebody comments on that issue. This email contains information about the issue including the comment that was added. This is great as it allows people to keep up to da...
Watchers can see comments that they are not supposed to see via email notifications
We have email notifications switched on for our live version of JIRA. If you watch an issue then you receive an email each time somebody comments on that issue. This email contains information about the issue including the comment that was added. This is great as it allows people to keep up to da...
Seperate label permissions from edit issue permission
In 3.11 the labels plugin changed so that manipulating labels required the "Edit Issue" permission. This drastically impacted our organizations workflow, as we'd just introduced labels in our previous upgrade, and we don't give "edit issues" to all users, but we do want all authenticated users to...
Trusted authentication doesn't work for Confluence users with uppercase usernames
Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: quote 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...
Moving an issue from a project with Issue Security to a project without does not clear out the security
To reproduce this issue, do the following: Create Project AAA Create Project BBB Create an Issue Level Security Scheme, and assign it to AAA only Create a Clone of the Default Field Configuration Scheme. Hide the field Security Level on the Cloned copy. Assign the Cloned copy to BBB. Create a New...
JIRA Portlet Macro not displaying when authenticating using the trusted application between JIRA and Confluence
We're having issues using the JIRA portlet macro jiraportlet on pages inside Confluence. Whenever we try to use this macro using the trust between JIRA and Confluence for authentication, the macro does not display on the page. There aren't any errors, it just doesn't appear. code...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
You are able to delete a Custom Field that is referenced in Permission settings.
If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
Username upper case are not being restricted in some pages
Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...
Username upper case are not being restricted in some pages
Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...
Move velocity templates and other web resources into WEB-INF in the Confluence webapp
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-9730. panel It presents a small information leak, and is just tidier if we put all the internal stuff into WEB-INF...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
Cross-site scripting vulnerability in /dashboard.action
The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack. 1 of 3 Cross-Site Scripting in Parameter Name Severity: High Test Type: Application...
XSS Bug in printable link display
A Cross sites scripting vulnerability exists in macro used to render the 'printable' link. Here is an exploit for the vulnerability that works https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert'Watchfire%20XSS%20Test%20Successful'%3C/script%3E Bug was found using APPScan...
Only allow basic formatting macros in comments
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-9387. panel Currently it is possible for users with create comments permission to embed macros in these comments. This is a...
Unwanted Access to File System via Import Pages Functionality
security vulnerability found in Confluence 2.5.6 Space administrator can use the "Import Pages from Disk" feature to browse the server file system by pointing the importer at "/" folder or any other folder. Because this folder doesn't contain expected files, an error message is displayed,...
Max label limit can be passed by adding labels via ajax
For CONF-8978, limits were implemented on how many labels can be added in one submit by various "add label" screens, and how many labels can be set on an edit page/edit news screen. However, there is nothing to prevent extra labels being added by the "add label" screens beyond the number allowed ...
XSS vulnerability: space name and key not validated nor escaped
Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...
Security issue: user can copy page with only view permissions
I have a user who only has view permissions to a space. Logging on as that user, I went to the Info tab of a page. The Copy operation appeared, and I was able click the link, edit the copied page, and save it. This must be a security hole?...
CommentService validation methods do not check user's security level
The validateCommentUpdate, hasPermissionToUpdate and hasPermissionToDelete methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment...
Authentication via os_username and os_password URL params is broken
Logging in by specifying username/password in the URL like this: noformathttp://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&osusername=LOGIN&ospassword=PASSWORDnoformat used to work. tested with JIRA 3.6.3 Now you get presented with an undecorated "not logged in" message. This issue...
Make anonymiser more strict about the translation of values
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-12420. panel the anonymiser replaces letter and number characters in string values during xml backup. A more strict anonymiser would replace...
Make anonymiser more strict about the translation of values
the anonymiser replaces letter and number characters in string values during xml backup. A more strict anonymiser would replace more characters. For passwords in particular i.e. mail server passwords this could increase security by translating all characters except whitespace. Whitespace should b...
Deleting a custom field which has an issue security scheme or permission scheme on it causes system error
A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...
Data anonymiser does not blank out SMTP server username and password
SMTP server username and password are readable in database/xml export: This can possible security leak e.g. when you sent support request, where you send database export to support. Anonymizer does not remove these values. ---- Username and password should be encoded format in database...
Deleting user does not remove the user from a permission scheme
If a single user is added to a permission in a permission scheme, deleting this user will not remove him/her from the permission scheme. This results in stack traces in the logs such as: noformat 2007-02-14 14:10:57,882 WARN atlassian.jira.scheme.AbstractSchemeManager 'fred' is not a valid user...
Project admin is presented with an option to select a Screen Scheme
The option of changing the scheme should only be given to the global admins...
LDAP authentication falls back to database check when password is incorrect
If a user is present in LDAP, but the entered password is incorrect, JIRA ought to immediately fail to authenticate them. Instead in 3.2-beta it delegates to the database, and checks the password there...
LDAP authentication falls back to database check when password is incorrect
If a user is present in LDAP, but the entered password is incorrect, JIRA ought to immediately fail to authenticate them. Instead in 3.2-beta it delegates to the database, and checks the password there...
Encrypt all passwords stored on the file system
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-2146. panel Passwords are not encrypted in confluence-mail.cfg.xml nor in confluence.cfg.xml; they should be. Resolve an...
Spam-protection
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-1469. panel We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It...
Applet certificate is not trusted.
You need to get a proper certificate for the applet - or else there will be some disquiet amongst some corporate users - and their IT Security overlords...
Restricted page for a user is getting displayed in "Recently Updated" macro.
h3. Issue Summary Restricted page for a user is getting displayed in "Recently Updated" macro. h3. Steps to Reproduce In confluence 10.2.x create 3 normal users user01, user02, user03. Create a sample space using admin user. Create a page using admin user and add "Recently Updated" macro. Switch ...
DoS (Denial of Service) at postgresql dependency in Crucible Server
This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...
File Inclusion in Jira Service Management Data Center
This High severity File Inclusion vulnerability was introduced in versions 5.15.2, 5.16.1, 5.17.0, 10.0.0, 10.1.2, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 7.1...
DoS (Denial of Service) in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of...
DoS (Denial of Service) com.squareup.okio:okio Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 10.3.0 not all patched versions - see the fix and affects versions field and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) brace-expansion Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center. This DoS Denial of...
File Inclusion node-tar Dependency in Confluence Data Center
This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2 and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...