4295 matches found
XXE (XML External Entity Injection) org.apache.tika:tika-parsers Dependency in Crowd Data Center and Server
This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML...
DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 9.15.2, 9.16.0, 9.17.0, 10.1.1, 10.3.13, 11.2.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java...
XXE (XML External Entity Injection) in Crowd Data Center and Server
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Crowd Data Center and Server
This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity XXE XML External Entity Injection vulnerability was introduced in versions 6.3.0, 6.3.1, 6.3.2, 7.1.0, and 7.1.1 of Crowd Data...
RCE (Remote Code Execution) in Jira Software Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 11.2.0 of Jira Software Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated...
DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.10.0, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.0, 11.0.0 and and 11.1.0 of Jira Service Management Data Center and Server. This...
Third-Party Dependency in Crowd Data Center
Note: Aligning with our security bug fix policy|https://www.atlassian.com/trust/security/bug-fix-policy, this vulnerability has been fixed in our latest release only This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...
MITM (Man-in-the-Middle) org.apache.httpcomponents.client5:httpclient5 Dependency in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.23, 10.3.7, 10.5.1, 10.6.0, and 10.7.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
MITM (Man-in-the-Middle) org.apache.httpcomponents.client5:httpclient5 Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.4, 9.4.0, and 9.5.1 of Confluence Data Center and Server however LTS version 8.5 is not affected by this CVE. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, and 10.6.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...
Improper Authorization org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...
DoS (Denial of Service) Third-Party Dependency in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, and 10.6.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security vulnerability: Poor error handling in project gadget shows stack trace to user
Security vulnerability: Poor error handling in project gadget shows stack trace to user...
Redirect from searchrequest.html page to login screen
h3. Issue Summary Hello team, We would like to open an improvement request to allow the searchrequest.html page to be redirected to the login page if the user is not logged on. This desired behavior is similar to the issue view page, since it automatically redirects you to the login screen if...
JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels
h3. Issue Summary REST API - rest/api/2/user/viewissue/search Does not respect permissions, doing this REST API both on users who have browse permission and no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...
UI Redressing (Clickjacking) with SSO Plugin for Data Center
h3. Problem Related to CONFSERVER-29230 When we enable the SAML login on General Configuration - Authentication, the Confluence login page shows inside an iframe. When disabled it doesn't show as expected with the Clickjacking disabled by default. In the gif attached, replicated the error on our...
Creating tickets via mail adds recipient address to watchers, without necessary permissions
h3. Issue Summary This is reproducible on Data Center: yes h3. Steps to Reproduce create an email channel for Jira with the email address of a user without license in Jira the user should exist in Jira and not have application access configure the mail puller to create tickets for the email sende...
Unauthorised users who make multipart requests have this data written to disk momentarily
h3. Issue Summary When a multipart request is made to a Confluence server, the multipart data is usually saved to a temporary directory prior to determining whether a user is authorised to access that URL. This is due to both application and library WebWork/Struts design where permission checks...
Denial of service attacks due to use of vulnerable version of apache-commons-compress package
Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from versi...
Replaying / intercepting a password reset POST request can allow for valid username enumeration
h3. Issue Summary Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. h3. Steps to Reproduce Request a password reset email Open the password reset mail and click the link to open your browser Intercept the POST request of the...
Unauthenticated users can inject messages into the XSRF token error page
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to display arbitrary messages in the application via an injection vulnerability in the XSRF token error page. The affected versions are before version 8.5.14, and from version 8.6.0 before 8.12.1. ...
Adding an extra forward slash '/' in the download attachment URL results in a stack trace.
h3. Issue Summary Adding an extra forward slash '/' in the download attachment URL results in a stack trace. h3. Steps to Reproduce Append an extra slash to a download attachment URL, similar to this: code:java http://:///download/attachments code h3. Expected Results A 'page not found', 404 or...
Comment button visible to users without permission on boards
h3. Issue Summary When a project's permissions are set to allow viewing by any logged in user, but commenting is limited to specific project roles, if a user attempts to comment from a board, the button is available to them and they see the following error message: panel:bgColor=eeeeee...
Linking image renders image as HTTP instead of HTTPS
h3. Issue Summary Linking existing image on Confluence page will appear as broken image due to mix content. The request url is rendered with HTTP instead of HTTPS. h3. Steps to Reproduce Create/edit a page. Click + and select Files and images. Attach an image to the page. Click on image and then...
User are receiving mobile notifications of restricted Jira comments that they cannot view when accessing Jira through a browser
Hi Jira Server mobile app beta users, We recently discovered a bug where Jira Server mobile app users receive all comment notifications from Jira issues they’re watching or assigned to, even if the comment had been restricted to exclude them. This means they’ll be able to view the content of...
Security clean up /plugins/servlet/Wallboard.old 200 response
A low risk Path-Based Vulnerability exists at /plugins/servlet/Wallboard.old. Stylesheets and basic html page load for page that should not exist/deprecated...
Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch
I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...
Move sensitive information out of Synchrony JVM arguments
h3. Issue Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information vi...
Encrypt password variables in VARIABLE_CONTEXT and VARIABLE_BASELINE_ITEM tables
h3. Problem Definition Currently, Bamboo password variables are not encrypted in the VARIABLECONTEXT and VARIABLEBASELINEITEM tables, even though they are encrypted in VARIABLEDEFINITION h3. Suggested Solution Encrypt passwords in VARIABLECONTEXT and VARIABLEBASELINEITEM tables h3. Workaround...
Administrators should have the ability to restrict access to the System dashboard
Administrators should have the ability to restrict access to the System dashboard which by default is available to the public...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
Non-admin User Should not be able to see all users/groups in drop down
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Portfolio Server. Using JIRA Portfolio Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JPOCLOUD-1781. panel h3. Summary In Plan configuration Permissions Plan access. Non-admin users can try to add Viewers and see all...
Non-admin User Should not be able to see all users/groups in drop down
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Portfolio Cloud. Using JIRA Portfolio Server? See the corresponding bug report|http://jira.atlassian.com/browse/JPOSERVER-1781. panel h3. Summary In Plan configuration Permissions Plan access. Non-admin users can try to add Viewers and see al...
Permission issue when configuring Default Reviewers
Certain permissions relating to Default Reviewers could be circumvented by authenticated users...
Update atlassian-gadgets in JIRA Server to fix AG-1502
Now that https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets to a version that contains a fix for it. In this case JIRA Server would update atlassian-gadgets to a version = 4.2.14...
XSS in newFileName Field
From an external report: quote Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the...
bitbucket attempted security breach
Bitbucket https://bitbucket.org/socialauth/migrate/?next=/ is asking for my atlassian password. Asking for a password for another website is at best bad practice...
Adding a group as a reviewer fails when the group id contains special characters because is not encoded
h3. Summary Groups containing special characters e.g. or / cannot be added as Reviewers. h3. Steps to Reproduce Create a group with a special character in it in an external user directory e.g. JIRA or LDAP Synchronize the group to FishEye Add the groups as a reviewer to a review h3. Expected...
Forms that use the GET method cause the XSRF token to be added to the URL
h5.Steps to Reproduce: In Confluence, visit the "My Profile" page /users/viewuserprofile.action Click "Edit Profile" Note that no atltoken is present in the URL. Click "Settings" /users/viewmysettings.action Click "Edit" Note that the atltoken value is present in the URL. h5.Cause Some forms are...
Cannot sign commits and tags for Git Flow
The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...
Moving or deleting an issue leaves the empty attachments subdirectory on the filesystem
To reproduce: Create an issue Attach a file to it Locate the file on the JIRA-server filesystem -- under JIRA "home" directory attachments/..../PROJECT-ISSUE Move the issue to a different project or delete it completely Observe the empty issue subdirectory remaining on the filesystem The director...
users without "delete attachment permission" can delete attachment
go to space tools permissions and remove the permission of user X to delete attachments go to a page of that space which contains an attachment go to attachments no "delete" link available / expand an attachment to see older versionns including current version for each version there is the...
Security Issue with multimedia playback on Mac OSX
Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to make it work, and I would like to be able to disable these plugins as soon as possible. Can you please update your code for this as outlined here: https://support.apple.com/en-au/HT20508...
Enabling SSL Broker for Remote Agents breaks Elastic Agent connectivity
h3. Summary When enabling SSL connectivity for remote agents by changing the Broker URL and Broker Client URL protocols from tcp:// to ssl://, elastic agents are no longer able to connect h3. Steps to Reproduce Start an Elastic Agent and run a test build to confirm Elastic Agents are connecting...
Responses with Set-Cookie header cached
h3. Context We have Confluence running with SSO from Crowd. Confluence is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get...
Project Administrators can adjust permission schemes without having the permission
h3. Summary When alterations to a permission scheme of a Service Desk projects have been made, the project administration page can display an error message as described on the following page: https://confluence.atlassian.com/servicedesk/resolving-permission-scheme-errors-660967497.html In order t...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Log forging vulnerability
It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...
Disable Quartz Phone Home
Quartz's phone home has not yet been disabled in Crowd. http://quartz-scheduler.org/documentation/best-practices suggests setting org.terracotta.quartz.skipUpdateCheck=true as a system property to disable this check...