4295 matches found
Security Vulnerability in Confluence Remote API
We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...
Allow to specify which user to be used in trusted connection with JIRA
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-21127. panel This is an improvement request to allow specifying which user to be used in trusted connection with JIRA. Proposed...
Intermittent Session Lost During Add/Edit Page in Firefox
We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...
Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication
When user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication which is different from atlassian-user, the password validation will fail. h3. Resolution This is fix...
XSS vulnerability in space key, particularly with decorators off
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-20865. panel As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerabl...
Page view restriction is not inheriting to child pages in some spaces
When a new page is created using the create-page macro the child page does not have restrictions inherited. This is only happening for a few spaces. If I try the same macro in another space it will work fine. I have rebuilt the ancestors table but this issue is still happening. Please advise...
XSS vulnerability in Confluence Space Names
We have identified and fixed a cross-site scripting XSS vulnerability in Confluence Space Names. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An attacker's te...
Allow anonymous/public access at page level
Although a space might be restricted to some groups/users, it is sometimes required to allow public/anonymous access on a page per page basis within that space. This feature is missing and workarounds like create public spaces just for those pages are not viable...
XSS vulnerability in the Office Connector
We have identified and fixed a cross-site scripting XSS vulnerability which may affect Confluence instances in a public environment. The XSS vulnerability is exposed in the document import function of the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal...
Path traversal vulnerability in various Confluence actions
We have identified and fixed a path traversal vulnerability in various Confluence actions. By exploiting a path traversal vulnerability, attackers can retrieve any file on the server that is running Confluence, based on the permissions of the user under which Confluence is running. Path traversal...
websudo annotation backwards compatibility (Confluence 3.3)
Following this guide|http://confluence.atlassian.com/pages/viewpage.action?pageId=219021702, I started to use the websudo annotations to secure an XWork action that would process a form in the space admin tab. The plugin is meant to work with Confluence 3.3 and I haven't released a public version...
Secure Administrator Sessions feature can be bypassed
In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3. This would allow an attacker to perform administrative functions on Confluenc...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
sudo is decorated with global decorator
The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use confluence. By decorating the sudo login pages using the global decorator it exposes the user to...
sudo is decorated with global decorator
The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use confluence. By decorating the sudo login pages using the global decorator it exposes the user to...
Logout Button / Option Missing for some LDAP user accounts
Instance Details / Description: The logout option to kill sessions is not present for some user accounts i,e, the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...
Malicious File Upload
The application server accepted a vbscript file, an HTML file containing JavaScript, and the EICAR test virus as allowed attachments. This means that an attacker could submit a malicious file to the backend, where the file might be launched by another internal RIM employee if they click and open...
XSS vulnerability in Clickr theme
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence Clickr theme. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An attacker...
XSS vulnerability in PDF export
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...
500page.jsp Improvements
Some further improvements to the 500page.jsp: The following should not appear if there is no stack trace: quote Cause Stack Trace:hide quote \ \ Stack trace should not appear if the user triggering the page is anonymous user Changes to this sentence below: quote"Your Confluence administrator can...
Require user to answer CAPTCHA after three failed attempts
Require user to answer CAPTCHA after three failed attempts. For SOAP and XMLRPC this means that the user will have to open a browser to answer the CAPTCHA, similar to how google does it. This issue has been rated MODERATE. Please refer to http://confluence.atlassian.com/x/ZILmD for details on oth...
Not all error strings are encoded
A XSS vulnerability where a string could bypass the Anti-XSS mechanism has been identified. This issue corrects this problem. The severity of this issue is rated as LOW. Please see http://confluence.atlassian.com/x/ZILmD for information on other security related issues and our rating system...
brute force password attack protection by default
We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...
The current CAPTCHA implementation may not be secure
The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...
500page.jsp contains HTTP Header XSS vulnerability
The 500page.jsp contains an XSS vulnerability via the 'Referrer' HTTP header...
issuelinkssmall.jsp has an XSS hole via the URL used to access it
The issuelinkssmall.jsp has an XSS hole, where if the URL contains an XSS string, the ww:url tag will include that tag in the page because the value attribute was left empty...
Workflow permission to limit ability to link issues
We need to be able to limit the ability to link issues by the issue status. If we have two issues, and they are both closed, I do not want to be able to link them. If one or both are opened or in progress, I'd like to be able to create the link from the open issue. We are trying to use Jira for...
XSS in header for Personal Spaces
Create a user with username "alert'hahahaha' User creates a personal space Try to add a page to the personal space This is caused by code code However since the personal space doesn't work too well with usernames with crazy letters, I don't think its a Blocker...
Upgrade to the latest version of Seraph and Trusted Applications library
Andreas needs to make some improvements to trusted-application behaviour for Gadgets. In order to do this, we need to first get onto the latest version of Seraph where Trusted Applications is split out into a separate library. Also, the new version of Seraph uses a version of oscore library|SER-1...
Viewfile macros do not respect page restrictions
Add a page Set viewing restrictions to user1 only Add an attachment - 'Sample.doc' Log in as user2 - confirm that you cannot see the restricted page Add a page, and use the viewfile macro Enter the location of the attachment on the restricted page The contents of the attachment can now be viewed ...
Prevent global settings from being accidentally overwritten
On a number of occasions, upgrading Extranet has triggered some kind of bug that has caused the global settings to be reset to their default values. The most obvious cause of this is that some piece of code has created a new Settings object and saved it through the settings manager. One way to...
Update JIRA certificate for Screenshot Applet and others. It expires in June 2009
See https://extranet.atlassian.com/jira/browse/ADM-3253 Move Steves branch into trunk in the process. Also I think the build environment might need direct updating...
Bright Cove User Macro-Cross-site script
Our e-security found the following error after they scanned the Bright Cove User Macro: Number System/Location Defect Type Status R4 Bright Cove User Macro Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...
Cache Plugin -Cross-site script error
Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...
Cache Plugin -Cross-site script error
Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...
Reporting Plugin- Cross-site scripting error
Our e-security found the following error for the Reporting plugin: Number System/Location Defect Type Status R2 Reporting Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to...
JIRA build information not included in dummy XML responses to search filter requests which users do not have access to
The build-info element is missing from the response to search filter XML requests. noformat https://support.atlassian.com/sr/jira.issueviews:searchrequest-xml/10593/SearchRequest-10593.xml?tempMax=100 noformat Happens if the user does not have access to the filter. See also...
Redirect that works in 2.9 is broken in later Confluence versions
Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...
Seraph binary dosn't correspond to source distribution for JIRA 3.13.2
Try to stepover getUserHttpServletRequest request, HttpServletResponse response Also, if user is not resolved by session, why not to try resolve it from cookie...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Attachment list in popup doesn't escape filenames causing XSS hole
The filenames in the attachment list of the link popup aren't being escaped. If you upload an attachment with a filename including html it could be executed...
Inserted image filenames are not escaped properly as thumbnails
When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...
It's possible to execute a workflow action without being logged in.
To reproduce, open Jira in two browser windows. In the first, navigate to an issue with an available workflow action. In the second, log out. In the first, perform one of the workflow actions. You'll see a page asking you to log back in, but the action has still been performed. To see this, in th...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Security Vulnerability in xwork, need to update to fixed version
see http://cwiki.apache.org/confluence/display/WW/S2-003 confluence currently using v1.0.3. 1.0.x branch was not yet patched so we cannot upgrade straight away. Don B is working on releasing the fix...
SSO credentials not used in IssueViewURLHandler
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-15048. panel A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link ...