4295 matches found
JIRA build information not included in dummy XML responses to search filter requests which users do not have access to
The build-info element is missing from the response to search filter XML requests. noformat https://support.atlassian.com/sr/jira.issueviews:searchrequest-xml/10593/SearchRequest-10593.xml?tempMax=100 noformat Happens if the user does not have access to the filter. See also...
Redirect that works in 2.9 is broken in later Confluence versions
Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...
Seraph binary dosn't correspond to source distribution for JIRA 3.13.2
Try to stepover getUserHttpServletRequest request, HttpServletResponse response Also, if user is not resolved by session, why not to try resolve it from cookie...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Word import with Office Connector can overwrite existing content without permission
It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change. Note that...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Attachment list in popup doesn't escape filenames causing XSS hole
The filenames in the attachment list of the link popup aren't being escaped. If you upload an attachment with a filename including html it could be executed...
Inserted image filenames are not escaped properly as thumbnails
When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...
It's possible to execute a workflow action without being logged in.
To reproduce, open Jira in two browser windows. In the first, navigate to an issue with an available workflow action. In the second, log out. In the first, perform one of the workflow actions. You'll see a page asking you to log back in, but the action has still been performed. To see this, in th...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Security Vulnerability in xwork, need to update to fixed version
see http://cwiki.apache.org/confluence/display/WW/S2-003 confluence currently using v1.0.3. 1.0.x branch was not yet patched so we cannot upgrade straight away. Don B is working on releasing the fix...
SSO credentials not used in IssueViewURLHandler
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-15048. panel A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link ...
XSS in DWR
Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example...
XSS vulnerability in viewinfo.action
Referrer URLs are not encoded in viewinfo.vm...
username not validated in add user to favourites action
Entering a bogus username here has the unwanted side effect of adding a bogus entity to your user favourites that can't be removed...
JIRA Portlet Macro not displaying when authenticating using the trusted application between JIRA and Confluence
We're having issues using the JIRA portlet macro jiraportlet on pages inside Confluence. Whenever we try to use this macro using the trust between JIRA and Confluence for authentication, the macro does not display on the page. There aren't any errors, it just doesn't appear. code...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
Security vulnerability with Dashboard spacesSelectedTab
Our security team has reported the following vulnerability, which must be resolved for us to use the application. Severity: High Test Type: Application Vulnerable URL: https://gforgewiki.nci.nih.gov/dashboard.action Parameter = spacesSelectedTab Remediation Tasks: Filter out hazardous characters...
You are able to delete a Custom Field that is referenced in Permission settings.
If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...
Username upper case are not being restricted in some pages
Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...
Username upper case are not being restricted in some pages
Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...
Option to disable "secure" cookie when using HTTPS just for login page
Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method create a secure cookie ref|http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7 if the request had a secure URL, and this cookie isn't sent b...
Only allow basic formatting macros in comments
Currently it is possible for users with create comments permission to embed macros in these comments. This is a security risk and unnecessary/unwanted feature. Should a macro contain security vulnerability, we can't rely on the fact that only trusted users whom we given permission to create/edit...
Only allow basic formatting macros in comments
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-9387. panel Currently it is possible for users with create comments permission to embed macros in these comments. This is a...
It is possible to see components without logging in
It is possible to see project's components without logging in by just guessing urls, e.g. jira-installation/browse/KEY/component/10881. This will show all the information written on component issues are not shown. This should be restricted so that it is impossible to see any project information...
Remove the space-list from the 404-error-page to reduce load on server
The default 404 page shows a list of spaces. On a big, busy instance this can generate a lot of load. The query is run on every 404 which can happen multiple times on a request if there are some bad resources missing css/js etc. Perhaps there should be some sort of throttling or configuration to...
Reflected XSS Vulnerability in the Feed Builder
---- Input in the Feed Builder is not properly handled. Insert: code "alert'Gotcha!' code as the feed name title and you get url like this:...
Vulnerability against DoS attack via labels
Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...
stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action
Description: Stored XSS via page app/themes/leftnavigation/configuretheme.action?key= Exploit: Example value in the Naviagtion Page field: "aletrdocument.cookiex x="...
UnsupportedOperationException with hasPermissionToCreate when called with DocumentIssueImpl
Extending the SearchRequestPortlet for Kaamelot Portlet, I use WorklogService.hasPermissionToCreateJiraServiceContext jiraServiceContext, Issue issue . As SearchRequestPortlet provides through its SearchProvider a list of Issue based on class DocumentIssueImpl, the hasPermissionToCreate fails wit...
Security issue: user can copy page with only view permissions
I have a user who only has view permissions to a space. Logging on as that user, I went to the Info tab of a page. The Copy operation appeared, and I was able click the link, edit the copied page, and save it. This must be a security hole?...
CommentService validation methods do not check user's security level
The validateCommentUpdate, hasPermissionToUpdate and hasPermissionToDelete methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment...
Assign Groups to Project Role screen allows entry of users as groups
When assigning groups to a project role, the screen allows the user to specify a group that is really a user name...
Data anonymiser does not blank out SMTP server username and password
SMTP server username and password are readable in database/xml export: This can possible security leak e.g. when you sent support request, where you send database export to support. Anonymizer does not remove these values. ---- Username and password should be encoded format in database...
Data anonymiser does not blank out SMTP server username and password
SMTP server username and password are readable in database/xml export: This can possible security leak e.g. when you sent support request, where you send database export to support. Anonymizer does not remove these values. ---- Username and password should be encoded format in database...
Data anonymiser does not blank out SMTP server username and password
SMTP server username and password are readable in database/xml export: This can possible security leak e.g. when you sent support request, where you send database export to support. Anonymizer does not remove these values. ---- Username and password should be encoded format in database...
Project Role Modifications not reflected in Issue Security Scheme
If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...
Project Role Modifications not reflected in Issue Security Scheme
If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...
Need ability to limit use of remote API to certain users, or a certain group
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-7913. panel The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Need ability to limit use of remote API to certain users, or a certain group
The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many pages can take several minutes, and all other users are locked from the wiki until it completes Reading or writing pages too rapidly through the API can impact the responsiveness of...
Confluence is not using the seraph logout url to define how to log out.
We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml h2. Workaround for Confluence 5.7.2 and older Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location with "x.x.x" representing your Confluence version number Extract the...
NPE in SpaceHelper borks page....
If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...
NPE in SpaceHelper borks page....
If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...
A user cannot set the security level to none if the default security level is set
Selecting 'none' always creates an issue with the default security level...
A user cannot set the security level to none if the default security level is set
Selecting 'none' always creates an issue with the default security level...
Logon with wrong user/password gives 'weird' errorpage.
Error screen after wrong login is 'weird'...
Obscure email addresses in Confluence Mail
Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email address.and other ppl's too. Eeek! We really want to obscure them. And anywhere else they appear in confl... Maybe some funky javascript email encryption ?...
Enhance Seraph SSO support to create users automatically
Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator could create an OSUser account in JIRA if the SSO authentication succeeds...