4295 matches found
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Access to all question drafts in private spaces via API
h3. Issue Summary Questions leak information through private space https://asecurityteam.atlassian.net/browse/BOUNTY-2559 h3. Steps to Reproduce Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...
JIRA Anonymous User Able To Search Creator Name In JQL Search When Key In Full User Name Even When Browse User Permission Doesn't Allow Anyone
h3. Summary JIRA Anonymous User Is Able To Search For Creator Name Via JQL Search Screen|http://localhost:8080/issues/?jql= By Insert Full User Name Even When Browse User Global Permission Doesn't Allow "Anyone". This is definitely not an expected behavior if "Browse User" wasn't set to anyone...
Oracle Security Patched DB Driver Not Working
+Issue Summary+ Following a recent security patch by Oracle for the ojdbc6.jar driver as fix for CVE-2016-3506. p23727132112040Generic.zip, available in Oracle Support download area, applying the patch to Confluence breaks Confluence with Confluence throwing: code Caused by: java.sql.SQLException...
Denial of Service attack through vulnerable Xerces-J library
quote There is WebDav endpoint that is accessible via following URL - https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for PROPFIND request. Following python code will generate XML with long pseudo-attribute name that exploits CVE-2013-4002...
Jira Server and Data Center affected by Tomcat CVE-2021-25329 and CVE-2021-25122
Affected versions of Atlassian Jira Server and Data Center used versions of Apache Tomcat that were vulnerable to CVE-2021-25329|https://nvd.nist.gov/vuln/detail/CVE-2021-25329 and CVE-2021-25122|https://nvd.nist.gov/vuln/detail/CVE-2021-25122. The affected versions are before version 8.17.0. ...
Information Disclosure using JQL function membersOf - CVE-2020-36286
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly...
XSS via project configuration - CVE-2019-20416
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the project configuration feature. Affected versions: version 8.3.0 Fixed versions: 8.3.0...
XSS in the IncomingMailServers resource through the messagesThreshold parameter - CVE-2017-18039
The IncomingMailServers resource in Atlassian JIRA from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the messagesThreshold parameter...
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
h3. Issue Summary Unauthorized access to data from the following API even if the public.access.disabled is enabled. /rest/api/2/projectCategory /rest/api/2/resolution /rest/menu/latest/admin h3. Steps to Reproduce - Install Jira 8.13.9 with H2 database - Create a project and some Project categori...
Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. Affected...
Template injection in Jira importers plugin - CVE-2019-15001
h3. Issue Summary There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin JIM. An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
XSS in XML export view - CVE-2020-4021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the XML export view. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.5 8.6.0 ≤ version 8.8.1 Fixed versions: 7.13.16 8.5....
Improper authentication on Convert Sub-Task to Issue page - CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names Project Key, if it is part of the workflow name Issue Keys Issue Types Status...
Oracle Security Patched DB Driver Not Working
+Issue Summary+ Following a recent security patch by Oracle for the ojdbc6.jar driver as fix for CVE-2016-3506. p23727132112040Generic.zip, available in Oracle Support download area, applying the patch to Confluence breaks Confluence with Confluence throwing: code Caused by: java.sql.SQLException...
Upgrade commons-fileupload to version >= 1.3.2
This is to mitigate CVE-2016-3092 See https://vulners.com/cve/CVE-2016-3092 for details...
Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared endpoint API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...
Information Disclosure in comment restriction feature - CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. Affected versions: version 7.6.17 7.7.0 ≤ version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.6.17...
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
h3. Issue Summary The recently disclosed vulnerability regarding Apache Tomcat CVE-2021-33037|https://vulners.com/cve/CVE-2021-33037, CVE-2021-33037|https://nvd.nist.gov/vuln/detail/CVE-2021-33037 Base Score: 5.3 MEDIUM CVE-2021-42340|https://vulners.com/cve/CVE-2021-42340 NVD score not yet...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...
Git downloads over HTTP
SourceTree downloads the standalone Git and every other zips over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...
RCE on Confluence Data Center via OGNL Injection - CVE-2021-39114
A user with a valid account on a Confluence Server or Data Center instance is able to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6,...
User Enumeration via /QueryComponentRendererValue!Default.jspa endpoint - CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. The...
IssueLevelSecurity permission check does not work with a DocumentIssueImpl if no security level has been set.
We need to be able to handle per issue permission checks, if no issue security level has been set. The problem is that if no issue level security is set, -1 gets indexed. The permissions code however expects a null value...
org.springframework:spring-web used by Jira 9 contains vulnerabilities
Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808. https://spring.io/security/cve-2024-38808 https://asecurityteam.atlassian.net/browse/VULN-1409329...
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
Information Disclosure via QueryCompenentRenderer API
Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint. Affected versions: version 9.5.1 Fixed...
Unicode characters allow malicious code to be hidden from a human reviewer (Bamboo) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Bamboo where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the browser or cod...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Update application links to 5.4.23 to fix CVE-2020-5398
Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component. The affected versions are before version 4.8.6. Affected versions: version 4.8.6 Fixed...
SSRF in Dashboard & Gadgets - CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...
CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
The Confluence HipChat plugin exposed the secret key it used to communicate with a linked HipChat service in various pages. For this vulnerability to affect your Confluence instance you must have a HipChat integration established. To exploit this issue, attackers need to have access to a Confluen...
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-61803. panel The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
Upgrade bundled Tomcat to the latest minor release
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabilitie...
Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Fisheye before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
XSS in review dashboard through a custom filter title - CVE-2017-9507
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the review filter title parameter...
Multiple Vulnerabilities in JIRA Workflow Servlet
||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...
Macro browser breaks https secure connection
h3. Issue Summary Macro browser loads http insecure resources including a data:image/png and a testing mocking resource http://example.com/bla-bla-bla h3. Environment Optional - If Applicable h3. Steps to Reproduce Create a page Open macro browser h3. Expected Results Connection remains secure h3...
Bitbucket Data Center - Path traversal in the migration tool leads to RCE - CVE-2019-3397
h3. Issue Summary Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code executio...
Stored XSS in Confluence / Links in Code Block
This is reported from bugcrowd: publish code block with content single quotes included: 'https://w3.org/"style="width:100%;height:100%;position:fixed;left:0;top:0"onmousemove=alert1//' That should work both in comment and article sections...
Upgrade spring-core for CVE-2023-20860
h3. Issue Summary Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860|https://vulners.com/cve/CVE-2023-20860: /app/WEB-INF/lib/spring-core-5.3.23.jar /opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar Bitbucket isn't known to be vulnerable, b...
CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes
Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...
CVE-2015-6576: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface...
XSS in the MigratePriorityScheme resource - CVE-2019-11584
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the priority icon url of an issue priority...
Denial of Service attack through vulnerable Xerces-J library
quote There is WebDav endpoint that is accessible via following URL - https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for PROPFIND request. Following python code will generate XML with long pseudo-attribute name that exploits CVE-2013-4002...
[BUG] Unauthenticated issues enumeration through API
I detected that in JIRA onprem with API REST exposed an attacker that knows or discover the name of a project can enumerate the issues that exists related to the project. All of this without logged in on JIRA or any credentials. The response of the server changes when the issue exists on the...