4295 matches found
Oracle Security Patched DB Driver Not Working
+Issue Summary+ Following a recent security patch by Oracle for the ojdbc6.jar driver as fix for CVE-2016-3506. p23727132112040Generic.zip, available in Oracle Support download area, applying the patch to Confluence breaks Confluence with Confluence throwing: code Caused by: java.sql.SQLException...
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...
Git downloads over HTTP
SourceTree downloads the standalone Git and every other zips over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...
Upgrade commons-fileupload to version >= 1.3.2
This is to mitigate CVE-2016-3092 See https://vulners.com/cve/CVE-2016-3092 for details...
JQL filter for Webhooks doesn't work correctly when "Comment" and "Worklog" related events are fired - CVE-2017-18104
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-59980. panel h3. Security information The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version...
RCE on Confluence Data Center via OGNL Injection - CVE-2021-39114
A user with a valid account on a Confluence Server or Data Center instance is able to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6,...
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
h3. Issue Summary The recently disclosed vulnerability regarding Apache Tomcat CVE-2021-33037|https://vulners.com/cve/CVE-2021-33037, CVE-2021-33037|https://nvd.nist.gov/vuln/detail/CVE-2021-33037 Base Score: 5.3 MEDIUM CVE-2021-42340|https://vulners.com/cve/CVE-2021-42340 NVD score not yet...
User Enumeration via /QueryComponentRendererValue!Default.jspa endpoint - CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. The...
org.springframework:spring-web used by Jira 9 contains vulnerabilities
Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808. https://spring.io/security/cve-2024-38808 https://asecurityteam.atlassian.net/browse/VULN-1409329...
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
Information Disclosure via QueryCompenentRenderer API
Affected versions of Atlassian Jira Server and Data Centre allowed an unauthenticated remote attacker to fetch Issue,Project and Sprint information via Information Disclosure Vulnerability via "/secure/QueryComponentRendererValue!Default.jspa" endpoint. Affected versions: version 9.5.1 Fixed...
Unicode characters allow malicious code to be hidden from a human reviewer (Bamboo) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Bamboo where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the browser or cod...
XSS via project configuration - CVE-2019-20416
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the project configuration feature. Affected versions: version 8.3.0 Fixed versions: 8.3.0...
CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
The Confluence HipChat plugin exposed the secret key it used to communicate with a linked HipChat service in various pages. For this vulnerability to affect your Confluence instance you must have a HipChat integration established. To exploit this issue, attackers need to have access to a Confluen...
Stored XSS via Custom Fields on Screens Modal - CVE-2020-36234
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...
Update application links to 5.4.23 to fix CVE-2020-5398
Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component. The affected versions are before version 4.8.6. Affected versions: version 4.8.6 Fixed...
XSS in XML export view - CVE-2020-4021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the XML export view. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.5 8.6.0 ≤ version 8.8.1 Fixed versions: 7.13.16 8.5....
CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerat...
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418|https://vulners.com/cve/CVE-2019-12418 CVE-2019-17563|https://vulners.com/cve/CVE-2019-17563 Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Fisheye before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
XSS in review dashboard through a custom filter title - CVE-2017-9507
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the review filter title parameter...
Multiple Vulnerabilities in JIRA Workflow Servlet
||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
h3. Issue Summary Unauthorized access to data from the following API even if the public.access.disabled is enabled. /rest/api/2/projectCategory /rest/api/2/resolution /rest/menu/latest/admin h3. Steps to Reproduce - Install Jira 8.13.9 with H2 database - Create a project and some Project categori...
Macro browser breaks https secure connection
h3. Issue Summary Macro browser loads http insecure resources including a data:image/png and a testing mocking resource http://example.com/bla-bla-bla h3. Environment Optional - If Applicable h3. Steps to Reproduce Create a page Open macro browser h3. Expected Results Connection remains secure h3...
Stored XSS in Confluence / Links in Code Block
This is reported from bugcrowd: publish code block with content single quotes included: 'https://w3.org/"style="width:100%;height:100%;position:fixed;left:0;top:0"onmousemove=alert1//' That should work both in comment and article sections...
Upgrade spring-core for CVE-2023-20860
h3. Issue Summary Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860|https://vulners.com/cve/CVE-2023-20860: /app/WEB-INF/lib/spring-core-5.3.23.jar /opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar Bitbucket isn't known to be vulnerable, b...
CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes
Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...
CVE-2015-6576: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface...
Denial of Service attack through vulnerable Xerces-J library
quote There is WebDav endpoint that is accessible via following URL - https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for PROPFIND request. Following python code will generate XML with long pseudo-attribute name that exploits CVE-2013-4002...
[BUG] Unauthenticated issues enumeration through API
I detected that in JIRA onprem with API REST exposed an attacker that knows or discover the name of a project can enumerate the issues that exists related to the project. All of this without logged in on JIRA or any credentials. The response of the server changes when the issue exists on the...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Confluence with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
XSS through the orderby parameter in the issue search resource - CVE-2017-16864
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the orderby parameter...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo Affected versions: All versions o...
Upgrade bundled Tomcat to the latest minor release
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-33563. panel Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabilitie...
DoS via missing input validation in UserPickerBrowser.jspa - CVE-2019-20413
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability on the UserPickerBrowser.jspa page. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...
XSS in WallboardServlet through the cyclePeriod parameter - CVE-2018-20824
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the cyclePeriod parameter...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
CVE-2023-48795 vulnerability on SSH
panel:title=Strict key exchange support|borderStyle=solid|borderColor=3c78b5|titleBGColor=3c78b5|bgColor=e7f4fa The server now supports strict key exchange in 8.9.10+ LTS, 8.13.6+, 8.14.5+, 8.15.4+, 8.16.3+, 8.17.1+ and 8.18.0+. If old SSH clients that don't support strict key exchange are being...
Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260
There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...
Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared endpoint API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...
Stored XSS in Confluence Server via text/rdf
h3. Issue Summary There is a stored XSS in file upload functionality of Confluence Server 7.3.3. This XSS triggers only in Firefox. Bug Bounty An authenticated attacker can upload specially crafted attachment and achieve stored XSS. h3. Steps to Reproduce Go to any Confluence page Attach xss.txt...
Template injection in Jira importers plugin - CVE-2019-15001
h3. Issue Summary There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin JIM. An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...
Anonymous users can view list of installed gadgets in Jira
h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Jira instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit this URL...
Update Apache Struts 2 to avoid CVE-2020-17530
Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...
Missing permission check in review coverage REST endpoint - CVE-2017-18035
The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...
The bundled Atlassian Activity Streams plugin had Improper Access control inside several rest inline action resource resource - CVE-2017-9506
The version of the bundled Atlassian Activity Streams plugin was vulnerable to Improper Access control. This allowed remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have...