Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2015/08/05 1:18 a.m.20 views

Username enumeration through the username parameter to the ViewUserHover resource.

It is possible to enumerate usernames through the secure/ViewUserHover resource through the username parameter. JIRA leaks the existence of a username by showing your entire name. 1. Log out of JIRA 2. Go to...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/18 10:7 p.m.20 views

Content Spoofing in AppPortalPage

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/08 11:4 a.m.20 views

"JIRA Project Releases" event should respect Project's permissions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-48963. panel Adding "JIRA Project Releases" event type to the Team calendar seems to NOT respect permissions from the project. ...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/05/28 8:4 p.m.20 views

Project's permission bypass JIRA global permissions

h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/04/23 11:6 a.m.20 views

Modernize Confluence Backup & Restore

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-37322. panel As a User in all possible roles in order to save time & money and prevent unintended problems caused by the curren...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/03/10 3:44 p.m.20 views

Expired user in Active Directory do not stop user from cloning via SSH

User who is bind with a SSH key can still clone while their account has expired on the Active Directory. However, this user will not able to login to Stash. Another scenario on the same concept works where the user bind with the SSH key is disabled in AD and that user will not be able to clone or...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2015/02/26 1:52 p.m.20 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/14 11:25 a.m.20 views

Disable SSLv3 in outgoing HTTPS connections from Confluence

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-36165. panel SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2015/01/09 12:12 a.m.20 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to have an account and be able to access the Confluence web interface. All versions of Confluence u...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/18 3:41 a.m.20 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/18 3:41 a.m.20 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/11/21 8:54 a.m.20 views

Restricted page at the Home Page layer is shown at the sidebar page tree

h3. Problem The page which is restricted to user A only is shown on the page tree and the left sidebar when the page is at the top level of the page tree which is at the same level at the home page. This is replicable on my dev instance. Create a test space. Create Page A and make sure the locati...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/11/14 3:4 p.m.20 views

XSS vulnerability in spacedirectory

Good morning, I wanted to tell you to run vulnerability tests confluence, thrown the same XSS vulnerabilities. Version tested: 5.4.4 What steps should I follow to fix their vulnerabilities? Or vulnerabilities will be resolved for you? I attached the vulnerabilities: 1 GET...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2014/11/03 8:38 a.m.20 views

user receives email notification even though restriction have been applied to the page

Steps to reproduce : Login to Confluence Create a page Insert a team calendar into the page Ask a user A to watch the page Make changes to team calendar User A is receiving email notification for the calendar as expected Creator of the page restrict the page with the calendar from being viewed by...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/30 9:18 a.m.20 views

After disable SSL 3.0 (cause of Poodle) Jira doesn't work

After following this description: https://confluence.atlassian.com/display/JIRA/How+To+Disable+SSLv3+to+Mitigate+Against+POODLE+Exploit+for+JIRA?focusedCommentId=683541348&comment-683541348 Jira doesnt work anymore. Our default server.xml contains following: scheme="https" secure="true"...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2014/10/24 7:13 p.m.20 views

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/07 4:8 a.m.20 views

"Recently updated" plugin can be used to reflect arbitrary static content to browser

This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2014/09/04 1:4 a.m.20 views

Draft retrieval in the editor doesn't respect page or space permissions

Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2014/08/28 1:0 a.m.20 views

Crowd gives more admin permissions than is apparent

When a crowd application has multiple directories added to it, and a group which is authorised to log into Crowd, all directories with that group are allowed to log in to crowd. However, the UI makes it seem as though only a group in the chosen directory is allowed to log in. Steps to reproduce:...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/26 11:32 p.m.20 views

Forgotten password features leaks information to the user that could be used to gain unauthorised access to Confluence

Using the forgotten password feature in Confluence it is possible to find out which email addresses are stored in the system from the responses given from the form when submitted. These responses need to be made generic so that it is not possible to tell which email addresses are or are not store...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/26 11:32 p.m.20 views

Forgotten password features leaks information to the user that could be used to gain unauthorised access to Confluence

Using the forgotten password feature in Confluence it is possible to find out which email addresses are stored in the system from the responses given from the form when submitted. These responses need to be made generic so that it is not possible to tell which email addresses are or are not store...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2014/08/15 12:38 p.m.20 views

Child pages permissions are not respected in Popular Tab

mfernandezbadii posted this on CONF-33207: quote I found that restricted child pages not the whole space, will still show on the Popular Tab. Example: User can browse a Space. Restricted page is created and user can't browse it or see it in the Popular Tab. Child page is created: User can't brows...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/06 11:30 p.m.20 views

Stored XSS Vulnerability found on Atlassian

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47027. panel Hi ! I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com . You will...

5.9AI score
Exploits0
Atlassian
Atlassian
added 2014/07/29 4:12 a.m.20 views

Escape or filter script tags in "all activity" panel

We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...

6.1AI score
Exploits0
Atlassian
Atlassian
added 2014/07/19 3:14 p.m.20 views

REST API allows to get worklog from issue without access rights to that issue

On JIRA OnDemand v6.3-OD-08-005-WN also here! it's possible to get worklog by it's ID even if this worklog does not belong to issue passed in API url. Example: On our OnDemand instance I have access rights to . When I add worklog to this issue via REST API, I get its id . Now, when I call GET...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/17 9:19 a.m.20 views

Upgrade to Application Links 4.2.4, SAL 2.12.2+

We have vulnerability in application links: https://jira.atlassian.com/browse/JRA-38918 Bumping applinks to 4.2.4 and SAL to 2.10.20 will fix the problem. Product should implement IFRAME page capability in their login page provided by LoginUriProvider...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/15 8:47 a.m.20 views

UserPreferencesResource accepts form encoded data, is vulnerable to XSRF attacks

UserPreferencesResource exposes all data stored in a UserPreferences object, and allows updating it via a POST. This vulnerability needs to be closed before the next deployment...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 3:29 p.m.20 views

Subpages don't inherit permissions from parent pages (see comments for solution)

We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/27 7:3 a.m.20 views

Seemingly malformed PNG file will cause JIRA to OOM within seconds

.atlassian.net was chain-OOM-ing earlier today. jworley was able to narrow it down to an image attachment on a particular issue. It's only a 300KB PNG file a screenshot from an Android device but it causes JIRA to OOM almost immediately. I've been able to replicate that behaviour on my jira-dev...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/26 8:0 p.m.20 views

Define the security for which plugins can be used by which users on which pages

This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allowed users. For example: Restrictions based on users and groups Controlled by normal Confluence page edit restrictions as an additional feature for the Tools dropdown. We can see a...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/23 3:45 a.m.20 views

Lack of CSRF protection on Voting

On Confluence Questions, answers and questions can be upvoted by the victim automatically on a question page visit, due to the lack of CSRF protection. When up voting a question manually, whilst on the question page, a single post request is issued: e.g. POST...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/18 2:46 p.m.20 views

Removing user from LDAP doesn't clear LDAP group membership

Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2014/05/26 2:4 p.m.20 views

Persistent Cross Site Scripting Flaw in User Profiles

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/05/22 7:38 p.m.20 views

Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X

h3. Steps to reproduce: Confluence 3.5.13 Installed, booted up Postregres DB Shutdown, applied patch following advisory admin panel not accessible content appears to be missing see errors in the logs: code 2014-05-22 16:28:50,308 ERROR http-8080-1 Standalone.localhost./.action log Servlet.service...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2014/05/12 5:43 a.m.20 views

ClassLoader manipulation vulnerability

We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...

2.6AI score
Exploits0
Atlassian
Atlassian
added 2014/05/12 1:35 a.m.20 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/12 1:35 a.m.20 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was reported by Nakul Mohan , 11 May - the email is too long to reproduce here. An attacker with the ability to: Inject partial chosen plaintext into a victim's requests Measure the size...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 3:27 p.m.20 views

Jira appears to disclose unprocessed server tags in the output of the Marketplace plugin

As discovered/reported by running a security scan with the Acunetix web vulnerability scanner on our internally hosted instance of Jira, the Marketplace plugin appears to disclose ASP.NET style server tags in the output HTML. For example, appears in the HTML for the following page:...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2014/04/29 2:0 a.m.20 views

Open redirect in JIRA in HTTPS mode only

If JIRA is configured for HTTPS connections in both "redirect HTTP to HTTPS" and "HTTPS only" modes, then the following redirects are possible. This does not occur in HTTP configs. The osdestination parameter on the login.jsp page and other pages once logged in - see technical details below allow...

1AI score
Exploits0
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.20 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.20 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2014/04/08 3:24 p.m.20 views

Confluence OnDemand dashboard - popular tab - user is shown links to pages they are restricted from viewing

Children of restricted pages do not get hidden from users who do not have permission to see the parent. Steps to reproduce: Create an unrestricted page. Create a child page, also unrestricted. Create a second user. Confirm the user can see the two new pages in their dashboard. Restrict viewing of...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/27 2:46 a.m.20 views

Any user without permission to view the page can view its label

h4. Steps to Reproduce: Create a Page with user A Add a label to the page Assign Page Restrictions Restrict viewing to me Login with user B user B can see all labels including label of user A's page h4. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.20 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2014/03/11 5:51 a.m.20 views

Automatic access added to newly added bitbucket account without notificiation

Steps to replicate: Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector. Click on the cog to the right of your new account and view 'configure automatic access' Result: Automatic access will be set up and membership to the 'developers' group will be granted Expected...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/25 3:59 a.m.20 views

Velocity XSS in $space.name

I got the following email from Ulrich Kuhnhardt quote While we were doing some testing with XSS for the shiny new Publishing plugin we found that the velocity renderer does not escape $space.name To reproduce Create a space with name 'alert'bang'css' Create a user macro ’simple-space-name' in...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/02/20 4:9 p.m.20 views

Restricted JIRA comments appear in Confluence notification inbox

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/20 4:9 p.m.20 views

Restricted JIRA comments appear in Confluence notification inbox

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2014/02/18 12:1 a.m.20 views

Content Spoofing in the createrssfeed action

A third party scan found that createrssfeed action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/18 12:1 a.m.20 views

Content Spoofing in the createrssfeed action

A third party scan found that createrssfeed action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.2AI score
Exploits0
Total number of security vulnerabilities4295