Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2014/07/15 8:47 a.m.20 views

UserPreferencesResource accepts form encoded data, is vulnerable to XSRF attacks

UserPreferencesResource exposes all data stored in a UserPreferences object, and allows updating it via a POST. This vulnerability needs to be closed before the next deployment...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 3:29 p.m.20 views

Subpages don't inherit permissions from parent pages (see comments for solution)

We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/26 8:0 p.m.20 views

Define the security for which plugins can be used by which users on which pages

This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allowed users. For example: Restrictions based on users and groups Controlled by normal Confluence page edit restrictions as an additional feature for the Tools dropdown. We can see a...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/23 3:45 a.m.20 views

Lack of CSRF protection on Voting

On Confluence Questions, answers and questions can be upvoted by the victim automatically on a question page visit, due to the lack of CSRF protection. When up voting a question manually, whilst on the question page, a single post request is issued: e.g. POST...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/18 2:46 p.m.20 views

Removing user from LDAP doesn't clear LDAP group membership

Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2014/06/04 3:37 p.m.20 views

Crowd User Directory application password stored in plain text

Table: cwddirectoryattribute Column: attributevalue How to Verify in my environment: Connect to JIRA database using psql and run query: code select attributevalue from cwddirectoryattribute where attributename = 'application.password' code Note how the returned value is the plain text value of th...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 2:4 p.m.20 views

Persistent Cross Site Scripting Flaw in User Profiles

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/05/22 7:38 p.m.20 views

Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X

h3. Steps to reproduce: Confluence 3.5.13 Installed, booted up Postregres DB Shutdown, applied patch following advisory admin panel not accessible content appears to be missing see errors in the logs: code 2014-05-22 16:28:50,308 ERROR http-8080-1 Standalone.localhost./.action log Servlet.service...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2014/05/12 5:43 a.m.20 views

ClassLoader manipulation vulnerability

We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...

2.6AI score
Exploits0
Atlassian
Atlassian
added 2014/05/12 1:35 a.m.20 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47215. panel This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/12 1:35 a.m.20 views

Answers is vulnerable to BREACH (SSL/HTTP gzip) attack

This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was reported by Nakul Mohan , 11 May - the email is too long to reproduce here. An attacker with the ability to: Inject partial chosen plaintext into a victim's requests Measure the size...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 3:27 p.m.20 views

Jira appears to disclose unprocessed server tags in the output of the Marketplace plugin

As discovered/reported by running a security scan with the Acunetix web vulnerability scanner on our internally hosted instance of Jira, the Marketplace plugin appears to disclose ASP.NET style server tags in the output HTML. For example, appears in the HTML for the following page:...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.20 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/29 2:0 a.m.20 views

Open redirect in JIRA in HTTPS mode only

If JIRA is configured for HTTPS connections in both "redirect HTTP to HTTPS" and "HTTPS only" modes, then the following redirects are possible. This does not occur in HTTP configs. The osdestination parameter on the login.jsp page and other pages once logged in - see technical details below allow...

1AI score
Exploits0
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.20 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.20 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2014/04/08 3:24 p.m.20 views

Confluence OnDemand dashboard - popular tab - user is shown links to pages they are restricted from viewing

Children of restricted pages do not get hidden from users who do not have permission to see the parent. Steps to reproduce: Create an unrestricted page. Create a child page, also unrestricted. Create a second user. Confirm the user can see the two new pages in their dashboard. Restrict viewing of...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/27 2:46 a.m.20 views

Any user without permission to view the page can view its label

h4. Steps to Reproduce: Create a Page with user A Add a label to the page Assign Page Restrictions Restrict viewing to me Login with user B user B can see all labels including label of user A's page h4. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.20 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2014/03/11 5:51 a.m.20 views

Automatic access added to newly added bitbucket account without notificiation

Steps to replicate: Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector. Click on the cog to the right of your new account and view 'configure automatic access' Result: Automatic access will be set up and membership to the 'developers' group will be granted Expected...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/25 3:59 a.m.20 views

Velocity XSS in $space.name

I got the following email from Ulrich Kuhnhardt quote While we were doing some testing with XSS for the shiny new Publishing plugin we found that the velocity renderer does not escape $space.name To reproduce Create a space with name 'alert'bang'css' Create a user macro ’simple-space-name' in...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/02/20 4:9 p.m.20 views

Restricted JIRA comments appear in Confluence notification inbox

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...

2.7AI score
Exploits0
Atlassian
Atlassian
added 2014/02/20 4:9 p.m.20 views

Restricted JIRA comments appear in Confluence notification inbox

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/18 12:1 a.m.20 views

Content Spoofing in the createrssfeed action

A third party scan found that createrssfeed action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/18 12:1 a.m.20 views

Content Spoofing in the createrssfeed action

A third party scan found that createrssfeed action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2014/02/14 3:48 a.m.20 views

Content Spoofing in the ConvertIssue.jspa action

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/14 3:48 a.m.20 views

Content Spoofing in the ConvertIssue.jspa action

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/13 11:39 p.m.20 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answerid...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2014/02/07 6:4 a.m.20 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

3.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/24 1:21 a.m.20 views

XSS on several select lists

Steps to reproduce: -Create a new issue type -Add "alert'Issue name' as Issue name mind the qoute at the beginning -Add "alert'Issue desc' as Issue Description -Add /images/icons/issuetypes/genericissue.png "alert'Issue icon' as Issue Icon -Make sure that this issue type is available on your...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/09 3:42 p.m.20 views

Provide the option to temporarily lock a user account after the maximum configured login attempts

It would be very helpful to have option to configure maximum attempt of failed login and a mechanism to lock/disable user account after the maximum failed attempt is reached. Decide upon the number of login attempts to be allowed configurable, and make sure that the account will be locked once th...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/09 12:39 a.m.20 views

XSS in the view parameter of several actions

The following XSS issues were detected by a customer. /changelog?max=30&view=cru%22;alert4015891;//%22&@asv=cru /project/CR?max=30&projectKey=CR&view=all";alert3166631;//"&@asv=all /user/c30626?max=30&name=c30626&view=all";alert1287220;//"&@asv=all...

3.2AI score
Exploits0
Atlassian
Atlassian
added 2013/12/19 12:48 a.m.20 views

Several actions vulnerable to CSRF (have websudo protection)

A number of actions in JIRA were vulnerable to CSRF as they performed no token checking. These actions are protected by websudo, which makes exploiting them impossible...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/11 7:33 p.m.20 views

Secure Mail Archive with Space Permissions

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-31945. panel Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visib...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/05 3:4 p.m.20 views

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/05 9:38 a.m.20 views

XSS vulnerability in 'Share a link' blueprint

Open the Create dialog - Select "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" =The script will be executed...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.20 views

LDAP credentials are stored in plain text in database

This information should be encrypted so that anyone with access to the database does not gain access to other systems...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/06 5:1 p.m.20 views

User or Group Page Security

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31505. panel Option to give user or group access to a particular page with a selectable option on the particular page rather tha...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/29 6:54 a.m.20 views

UploadAction.execute vulnerable to CSRF

Sub-issue from CONF-27960. UploadAction.execute upload.action does not have CSRF protection...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2013/10/11 3:47 a.m.20 views

doeditdefaultspacepermissions.action vulnerable to CSRF

EditSpacePermissionDefaultsAction, execute...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/02 11:33 a.m.20 views

Jira is logging SOAP body in default config - passwords included

In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/09/25 2:11 p.m.20 views

Password displayed in clear text when logging in to a websudo session that has expired

When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text. This is a breach in security; the password should never be displayed in clear text on a web page...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/09/20 5:8 p.m.20 views

doremovespacemail action can be called by non-admins

The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/20 5:8 p.m.20 views

doremovespacemail action can be called by non-admins

The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2013/09/20 5:6 p.m.20 views

User invite functionality available to non-admins

The REST API which manages user invites ensures that only adminstrators can generate a new invite token. However, no similar access controls are present on the methods which are used to invite new users, or to revert to the previous security token – these can be successfully called by any...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2013/09/16 1:47 p.m.20 views

OAuth Administration screen is visible to anonymous users

If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page: /plugins/servlet/oauth/view-consumer-info This page display Confluence administrators menu on the sidebar and other information su...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 6:43 a.m.20 views

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 5:41 a.m.20 views

Arbitrary file or URL download in ExportWordPageServer

To reproduce: 1. Create a new page. 2. Insert an image with URL: code:none file:///etc/passwd code Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save. The image appears invisible on some browsers, but you can verify its...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/11 5:4 a.m.20 views

Moving pages around spaces using HTTP get without XSRF token

Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this: http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 Malicious example of how to exploit this in an email message: after opening the email, th...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/02 7:10 a.m.20 views

'self' xss reported in a question's moderate

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...

0.8AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295