Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2023/05/08 2:12 a.m.20 views

Unauthorised users who make multipart requests have this data written to disk momentarily

h3. Issue Summary When a multipart request is made to a Confluence server, the multipart data is usually saved to a temporary directory prior to determining whether a user is authorised to access that URL. This is due to both application and library WebWork/Struts design where permission checks...

7AI score
Exploits0
Atlassian
Atlassian
added 2022/03/16 5:14 a.m.20 views

Admin user can change Base URL without WebSudo validation

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to change the Base URL of a Jira instance via a Broken Access Control vulnerability in the /rest/api/2/settings/baseUrl endpoint. The affected...

5.7AI score
Exploits0
Atlassian
Atlassian
added 2022/02/15 7:50 p.m.20 views

Denial of service attacks due to use of vulnerable version of apache-commons-compress package

Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from versi...

5.7AI score
Exploits0
Atlassian
Atlassian
added 2021/09/29 2:59 p.m.20 views

Replaying / intercepting a password reset POST request can allow for valid username enumeration

h3. Issue Summary Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. h3. Steps to Reproduce Request a password reset email Open the password reset mail and click the link to open your browser Intercept the POST request of the...

Exploits0
Atlassian
Atlassian
added 2021/04/26 5:57 a.m.20 views

Unauthenticated users can inject messages into the XSRF token error page

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to display arbitrary messages in the application via an injection vulnerability in the XSRF token error page. The affected versions are before version 8.5.14, and from version 8.6.0 before 8.12.1. ...

6.4AI score
Exploits0
Atlassian
Atlassian
added 2021/04/09 3:6 p.m.20 views

Adding an extra forward slash '/' in the download attachment URL results in a stack trace.

h3. Issue Summary Adding an extra forward slash '/' in the download attachment URL results in a stack trace. h3. Steps to Reproduce Append an extra slash to a download attachment URL, similar to this: code:java http://:///download/attachments code h3. Expected Results A 'page not found', 404 or...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2019/08/06 2:4 p.m.20 views

Linking image renders image as HTTP instead of HTTPS

h3. Issue Summary Linking existing image on Confluence page will appear as broken image due to mix content. The request url is rendered with HTTP instead of HTTPS. h3. Steps to Reproduce Create/edit a page. Click + and select Files and images. Attach an image to the page. Click on image and then...

Exploits0
Atlassian
Atlassian
added 2019/04/12 6:34 a.m.20 views

User are receiving mobile notifications of restricted Jira comments that they cannot view when accessing Jira through a browser

Hi Jira Server mobile app beta users, We recently discovered a bug where Jira Server mobile app users receive all comment notifications from Jira issues they’re watching or assigned to, even if the comment had been restricted to exclude them. This means they’ll be able to view the content of...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2018/11/12 5:12 p.m.20 views

Security clean up /plugins/servlet/Wallboard.old 200 response

A low risk Path-Based Vulnerability exists at /plugins/servlet/Wallboard.old. Stylesheets and basic html page load for page that should not exist/deprecated...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/11/07 4:35 p.m.20 views

Setup only possible with sending user statistics

One of our customers reported an error: panel There is a problem with the setup of the new version of SourceTree 3.0.8. In the last screen the preferences are requested. It is not possible to click "Weiter" Continue without checking the second option. !Preferences.png|thumbnail! But this needs to...

2.2AI score
Exploits0
Atlassian
Atlassian
added 2018/06/15 1:10 p.m.20 views

Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch

I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2018/01/04 4:29 a.m.20 views

Avatar Rest API URL return avatar uploaded by user

h3. Summary When the user run REST API URL https://jira.atlassian.com/rest/api/latest/user/avatars?username="username"|https://jira.atlassian.com/rest/api/latest/user/avatars?username=%22username%22 the result will include system avatar and avatar uploaded by that user. For example,...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/09/28 4:21 a.m.20 views

jira xml export does not escape label and component values

searchrequest-sml endpoint html encodes issue description text, but not issue labels or component. This means that other plugins / products relying on this end point for these values are vulnerable to XSS attacks, see linked issue. Please html encode these string values : example...

6.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/08/02 11:27 a.m.20 views

Move sensitive information out of Synchrony JVM arguments

h3. Issue Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information vi...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2017/04/24 9:51 p.m.20 views

Encrypt password variables in VARIABLE_CONTEXT and VARIABLE_BASELINE_ITEM tables

h3. Problem Definition Currently, Bamboo password variables are not encrypted in the VARIABLECONTEXT and VARIABLEBASELINEITEM tables, even though they are encrypted in VARIABLEDEFINITION h3. Suggested Solution Encrypt passwords in VARIABLECONTEXT and VARIABLEBASELINEITEM tables h3. Workaround...

2AI score
Exploits0
Atlassian
Atlassian
added 2017/01/18 5:46 p.m.20 views

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

7.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/09 11:15 p.m.20 views

XSS on Delete Webhook

It was possible for users with JIRA administrator rights to perform an XSS attack through convincing another user, potentially a user with system administrators rights, to delete a specific webhook...

3.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/09 11:11 p.m.20 views

JIRA Server can be DOSed through a specific error page resource.

JIRA had a specific error page resource that when repeatedly accessed could result in more memory being used eventually resulting in java running out of heap space...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/06 11:12 a.m.20 views

Non-admin User Should not be able to see all users/groups in drop down

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Portfolio Cloud. Using JIRA Portfolio Server? See the corresponding bug report|http://jira.atlassian.com/browse/JPOSERVER-1781. panel h3. Summary In Plan configuration Permissions Plan access. Non-admin users can try to add Viewers and see al...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/12/12 11:54 p.m.20 views

Permission issue when configuring Default Reviewers

Certain permissions relating to Default Reviewers could be circumvented by authenticated users...

3.9AI score
Exploits0
Atlassian
Atlassian
added 2016/07/19 7:11 p.m.20 views

XSS in Mail Whitelist Field

Jira Admins can create a persistant XSS on the Incoming Mail configuration page. When the value code "alert1 code is inserted into the Witelisted Domain field on the page code /secure/admin/IncomingMailServers.jspa code The javascript persists and executes on page load. This was tested on Jira...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/07/07 9:52 p.m.20 views

XSS in newFileName Field

From an external report: quote Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the...

6.1AI score
Exploits0
Atlassian
Atlassian
added 2016/06/24 12:11 p.m.20 views

bitbucket attempted security breach

Bitbucket https://bitbucket.org/socialauth/migrate/?next=/ is asking for my atlassian password. Asking for a password for another website is at best bad practice...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2016/06/23 1:42 p.m.20 views

Adding a group as a reviewer fails when the group id contains special characters because is not encoded

h3. Summary Groups containing special characters e.g. or / cannot be added as Reviewers. h3. Steps to Reproduce Create a group with a special character in it in an external user directory e.g. JIRA or LDAP Synchronize the group to FishEye Add the groups as a reviewer to a review h3. Expected...

2.8AI score
Exploits0
Atlassian
Atlassian
added 2016/05/31 3:21 a.m.20 views

Forms that use the GET method cause the XSRF token to be added to the URL

h5.Steps to Reproduce: In Confluence, visit the "My Profile" page /users/viewuserprofile.action Click "Edit Profile" Note that no atltoken is present in the URL. Click "Settings" /users/viewmysettings.action Click "Edit" Note that the atltoken value is present in the URL. h5.Cause Some forms are...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/05/20 9:54 a.m.20 views

Cannot sign commits and tags for Git Flow

The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/04/22 2:13 p.m.20 views

users without "delete attachment permission" can delete attachment

go to space tools permissions and remove the permission of user X to delete attachments go to a page of that space which contains an attachment go to attachments no "delete" link available / expand an attachment to see older versionns including current version for each version there is the...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/21 10:33 p.m.20 views

Stored XSS in ViewWorkflowTransition.jsp

Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/21 9:23 p.m.20 views

Security Issue with multimedia playback on Mac OSX

Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to make it work, and I would like to be able to disable these plugins as soon as possible. Can you please update your code for this as outlined here: https://support.apple.com/en-au/HT20508...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/02 10:0 p.m.20 views

Enabling SSL Broker for Remote Agents breaks Elastic Agent connectivity

h3. Summary When enabling SSL connectivity for remote agents by changing the Broker URL and Broker Client URL protocols from tcp:// to ssl://, elastic agents are no longer able to connect h3. Steps to Reproduce Start an Elastic Agent and run a test build to confirm Elastic Agents are connecting...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/02 3:34 p.m.20 views

Responses with Set-Cookie header cached

h3. Context We have Confluence running with SSO from Crowd. Confluence is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get...

7AI score
Exploits0
Atlassian
Atlassian
added 2016/02/18 6:36 a.m.20 views

Project Administrators can adjust permission schemes without having the permission

h3. Summary When alterations to a permission scheme of a Service Desk projects have been made, the project administration page can display an error message as described on the following page: https://confluence.atlassian.com/servicedesk/resolving-permission-scheme-errors-660967497.html In order t...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2015/12/22 10:55 a.m.20 views

Backup action is XSRF vulnerable

XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...

2.9AI score
Exploits0
Atlassian
Atlassian
added 2015/12/01 10:36 a.m.20 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2015/10/01 8:59 a.m.20 views

Prevent Activity feed information leakage by allowing permanently disabling of it

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-45601. panel It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/09/10 1:31 a.m.20 views

Disable Quartz Phone Home

Quartz's phone home has not yet been disabled in Crowd. http://quartz-scheduler.org/documentation/best-practices suggests setting org.terracotta.quartz.skipUpdateCheck=true as a system property to disable this check...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2015/08/05 1:18 a.m.20 views

Username enumeration through the username parameter to the ViewUserHover resource.

It is possible to enumerate usernames through the secure/ViewUserHover resource through the username parameter. JIRA leaks the existence of a username by showing your entire name. 1. Log out of JIRA 2. Go to...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/18 10:9 p.m.20 views

Content Spoofing in UpdateMyJiraHome

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1- go to...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/18 10:7 p.m.20 views

Content Spoofing in AppPortalPage

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/08 11:4 a.m.20 views

"JIRA Project Releases" event should respect Project's permissions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-48963. panel Adding "JIRA Project Releases" event type to the Team calendar seems to NOT respect permissions from the project. ...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/05/28 8:4 p.m.20 views

Project's permission bypass JIRA global permissions

h3. Summary Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. h3. Steps to Reproduce Remove user...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/05/25 10:28 a.m.20 views

JIRA HTTP Dump Recorded Credential information As Text

Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log , the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/04/23 11:6 a.m.20 views

Modernize Confluence Backup & Restore

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-37322. panel As a User in all possible roles in order to save time & money and prevent unintended problems caused by the curren...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/03/10 3:44 p.m.20 views

Expired user in Active Directory do not stop user from cloning via SSH

User who is bind with a SSH key can still clone while their account has expired on the Active Directory. However, this user will not able to login to Stash. Another scenario on the same concept works where the user bind with the SSH key is disabled in AD and that user will not be able to clone or...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2015/02/26 1:52 p.m.20 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/14 11:25 a.m.20 views

Disable SSLv3 in outgoing HTTPS connections from Confluence

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-36165. panel SSLv3 is an old protocol and has been superseded by TLSv1.0, TLSv1.1 and TLSv1.2. TLSv1.0 was first defined in...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2015/01/09 12:12 a.m.20 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to have an account and be able to access the Confluence web interface. All versions of Confluence u...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/18 3:41 a.m.20 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class|https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master and the SelfUrlMatcher...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/11/21 8:54 a.m.20 views

Restricted page at the Home Page layer is shown at the sidebar page tree

h3. Problem The page which is restricted to user A only is shown on the page tree and the left sidebar when the page is at the top level of the page tree which is at the same level at the home page. This is replicable on my dev instance. Create a test space. Create Page A and make sure the locati...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/11/14 3:4 p.m.20 views

XSS vulnerability in spacedirectory

Good morning, I wanted to tell you to run vulnerability tests confluence, thrown the same XSS vulnerabilities. Version tested: 5.4.4 What steps should I follow to fix their vulnerabilities? Or vulnerabilities will be resolved for you? I attached the vulnerabilities: 1 GET...

2.7AI score
Exploits0
Total number of security vulnerabilities4295