Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2007/03/07 9:2 p.m.20 views

Project Role Modifications not reflected in Issue Security Scheme

If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2007/02/20 11:13 p.m.20 views

Need ability to limit use of remote API to certain users, or a certain group

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-7913. panel The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/02/20 11:13 p.m.20 views

Need ability to limit use of remote API to certain users, or a certain group

The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many pages can take several minutes, and all other users are locked from the wiki until it completes Reading or writing pages too rapidly through the API can impact the responsiveness of...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/12/14 1:22 a.m.20 views

Confluence is not using the seraph logout url to define how to log out.

We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml h2. Workaround for Confluence 5.7.2 and older Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location with "x.x.x" representing your Confluence version number Extract the...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2005/10/01 5:56 p.m.20 views

NPE in SpaceHelper borks page....

If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...

7AI score
Exploits0
Atlassian
Atlassian
added 2005/10/01 5:56 p.m.20 views

NPE in SpaceHelper borks page....

If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/09/14 4:22 a.m.20 views

A user cannot set the security level to none if the default security level is set

Selecting 'none' always creates an issue with the default security level...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/09/14 4:22 a.m.20 views

A user cannot set the security level to none if the default security level is set

Selecting 'none' always creates an issue with the default security level...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/02/10 3:49 p.m.20 views

Logon with wrong user/password gives 'weird' errorpage.

Error screen after wrong login is 'weird'...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/02/03 2:54 a.m.20 views

Obscure email addresses in Confluence Mail

Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email address.and other ppl's too. Eeek! We really want to obscure them. And anywhere else they appear in confl... Maybe some funky javascript email encryption ?...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/08/25 6:33 a.m.20 views

Enhance Seraph SSO support to create users automatically

Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator could create an OSUser account in JIRA if the SSO authentication succeeds...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/06/29 10:11 p.m.20 views

Spam-protection

We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It shouldn't be too hard to do - we already track URL links. The UI will need some thought though what do you do if you define a URL as spam, and it's in a page? Revert the page back t...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/04/01 11:52 a.m.20 views

Character not allowed in user name

A user has sign up with the user name "m&m". The i tried to modify this user. Because the username is passed as url parameter FooServlet?name=m&m : GET or POST method the servlet container cut the name and try to retreive the username named "m" !!! The only way is to use a database client, change...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/02/20 2:47 a.m.20 views

When deleting an Issue Security Level issues need to be re-indexed

Create 1 security levels Put some issues into it Delete the level hence removing any security level from the issues You will not be able to find the issues any more - need to re-index...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2026/04/16 1:50 p.m.19 views

mXSS (mutation Cross-Site Scripting) dompurify Dependency in Jira Service Management Data Center and Server

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS mutation Cross-Site Scripting vulnerability was introduced in version 10.3.0 of Jira...

10CVSS6.6AI score0.01093EPSS
Exploits2
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.19 views

DoS (Denial of Service) axios Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.7AI score0.02591EPSS
Exploits1
Atlassian
Atlassian
added 2026/03/12 8:28 p.m.19 views

Path Traversal node-tar Dependency in Jira Software Data Center

This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...

8.8CVSS5.8AI score0.00233EPSS
Exploits1
Atlassian
Atlassian
added 2026/03/06 5:28 a.m.19 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

8.2CVSS5.9AI score0.00334EPSS
Exploits2
Atlassian
Atlassian
added 2026/01/16 6:27 p.m.19 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-66675 was introduced in versions 7.0.2 and 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H allows an...

8.2CVSS5.4AI score0.00508EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/16 7:5 a.m.19 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 5.12.2, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center and Server. This DoS Denial of Service vulnerability, with a...

7.5CVSS8AI score0.01819EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/14 6:28 p.m.19 views

File Inclusion tar-fs Dependency in Confluence Data Center and Server

This High severity File Inclusion vulnerability known as CVE-2025-59343 was introduced in version 7.19 of Confluence Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N allows an...

8.7CVSS5.6AI score0.00516EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/12 7:28 a.m.19 views

XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Bamboo Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, 11.0.0, and 12.0.0-rc3 of Bamboo Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of...

9.8CVSS5.6AI score0.02962EPSS
Exploits4
Atlassian
Atlassian
added 2025/10/22 7:34 a.m.19 views

Jira issue creation fails due to a problem with security level mapping.

h3. Issue Summary As per the issue-level security configuration|https://confluence.atlassian.com/adminjiraserver103/configuring-issue-level-security-1489807354.html documentation, when setting the default security level for an issue security scheme, if the issue reporter does not have the 'Set...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2025/09/09 2:9 a.m.19 views

RCE (Remote Code Execution) Third-Party Dependency in Confluence Data Center and Server

This high-severity Third-Party Dependency vulnerability was introduced in versions 2.0 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an authenticated attacker to...

8.8CVSS6.6AI score0.01548EPSS
Exploits1
Atlassian
Atlassian
added 2025/07/14 7:20 a.m.19 views

Analytics Direct‑URL Bypass Ignores Global Analytics Permissions in Confluence Data Center

This ticket requests an LTS 9.2 fix for the issue at https://asecurityteam.atlassian.net/browse/VULN-1552959 . i This ticket doesn't have a due date because backport security fixes are only required for Critical-severity issues. Details: Security Bug Fix...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2025/07/09 4:13 a.m.19 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0 and 10.7.1 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS7.2AI score0.54877EPSS
Exploits1
Atlassian
Atlassian
added 2025/07/08 5:9 a.m.19 views

DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.4AI score0.64718EPSS
Exploits1
Atlassian
Atlassian
added 2025/07/05 5:9 a.m.19 views

DoS (Denial of Service) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 10.3.0 and 10.7.1 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS7.2AI score0.54877EPSS
Exploits1
Atlassian
Atlassian
added 2025/05/31 6:8 a.m.19 views

DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 6.0.0, 6.1.0, 6.2.0, and 6.3.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS8.7AI score0.66933EPSS
Exploits5
Atlassian
Atlassian
added 2025/02/12 1:56 a.m.19 views

Third-Party Dependency in Bitbucket Data Center

This High severity Third-Party Dependency vulnerability was introduced in version 9.5.0 of Bitbucket Data Center. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no...

7.5CVSS6.7AI score0.00932EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/25 6:11 a.m.19 views

Individual users with System Administrator access under Global Permissions are able to view the names of restricted spaces that they are not permitted to access.

h3. Issue Summary Individual users with System Administrator who can also have both Confluence Administrator and System Administrator access under Global Permissions can view the names of restricted spaces that they are not permitted to access. This is reproducible on Data Center: yes h3. Steps t...

6.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2024/11/05 7:11 p.m.19 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.2.11, 9.4.3, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.00753EPSS
Exploits0
Atlassian
Atlassian
added 2024/09/11 10:31 a.m.19 views

Incorrect context paths included in the fallback URL still pass you to the login form when enable-authentication-fallback is enabled.

h3. Issue Summary When using an incorrect fallback URL to bypass SAML, you are still passed to the login form. This can be reproduced using a context path in the URL when no context path is set in the server.xml or by using a misspelled/wrong context path when one is set. This is reproducible on...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2024/06/19 6:15 a.m.19 views

Aggregated ticket for vulnerabilities in: org.owasp.antisamy:antisamy

Aggregation of vulnerabilities related to library: org.owasp.antisamy:antisamy Individual Confserver tickets are linked via Issue Links and should be addressed case-by-case. This ticket is created automatically. Do not close this ticket until all linked issues are resolved...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2023/10/06 9:45 a.m.19 views

Scripts failing intermittently due to permissions denied (401) exception while using PAT

h3. Issue Summary This is reproducible on the Data Center: Yes h3. Steps to Reproduce Create two Jira users: UserA and UserB and two Projects: ProjectA and ProjectB. Restrict access to ProjectA for UserA, and ProjectB for UserB. Create one issue each on ProjectA and ProjectB. Use the below python...

7.4AI score
Exploits0
Atlassian
Atlassian
added 2023/09/11 7:59 a.m.19 views

websudo does not work for space admins in Confluence version 8.5.1

h3. Issue Summary This is reproducible on the Data Center: yes Issue happens only on 8.5.1 and works fine on 8.5.0 h3. Steps to Reproduce 1. Install Confluence Data Center 8.5.1 2. Create a Confluence test user with can use permissions in Global permissions 3. Assign all the space permissions in ...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2022/03/16 5:14 a.m.19 views

Admin user can change Base URL without WebSudo validation

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to change the Base URL of a Jira instance via a Broken Access Control vulnerability in the /rest/api/2/settings/baseUrl endpoint. The affected...

5.7AI score
Exploits0
Atlassian
Atlassian
added 2022/03/07 8:14 a.m.19 views

Update atlassian-gadgets to 4.2.41 to fix information leak

The atlassian-gadgets library bundled in Fisheye allowed information leak about installed plugins to anonymous users...

6.7AI score
Exploits0
Atlassian
Atlassian
added 2021/04/26 5:57 a.m.19 views

Unauthenticated users can inject messages into the XSRF token error page

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to display arbitrary messages in the application via an injection vulnerability in the XSRF token error page. The affected versions are before version 8.5.14, and from version 8.6.0 before 8.12.1. ...

6.4AI score
Exploits0
Atlassian
Atlassian
added 2020/08/03 10:42 p.m.19 views

Unvalidated redirects in UPM via reverse tabnapping

Affected versions of Atlassian Jira Server and Data Center allow an authenticated attacker to redirect a user to a malicious website via an unvalidated redirect vulnerability in some Universal Plugin Manager pages, e.g. "Manage apps" and "Find new apps". Affected versions: version 7.13.16 7.14.0 ...

5.6AI score
Exploits0
Atlassian
Atlassian
added 2020/07/28 6:27 p.m.19 views

Improve error handling in commits page and REST endpoint

Adding a trail "%27" at the commits page URL in Bitbucket causes the application to output the error below. !screenshot-1.png|thumbnail! This error is improper error handling as it shows the path to the git executable in the server as well as it exceeds the limits of the error page and does not...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2020/04/28 10:22 a.m.19 views

Filter for custom field values shows all options from all contexts

h3. Summary If a custom field is added to a Portfolio plan, the Portfolio filter will show all options from all contexts configured in the custom field in Jira. h3. Steps to Reproduce Create a custom field with multiple contexts and values across contexts. Assign different projects to separate...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/11/07 4:35 p.m.19 views

Setup only possible with sending user statistics

One of our customers reported an error: panel There is a problem with the setup of the new version of SourceTree 3.0.8. In the last screen the preferences are requested. It is not possible to click "Weiter" Continue without checking the second option. !Preferences.png|thumbnail! But this needs to...

2.2AI score
Exploits0
Atlassian
Atlassian
added 2017/10/23 12:40 p.m.19 views

XSS Vulnerability in JIRA Issue Export

A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2017/05/25 3:47 p.m.19 views

Password Reset

I changed my password on my Linux system and now I can't push/pull via Atlassian SourceTree 2.0.20.1 gui. I tried resetting via the authentication tab under Tools-Options but the password is not being saved. I can use git via command line via Terminal because I am prompted for a password. I...

4AI score
Exploits0
Atlassian
Atlassian
added 2017/05/18 11:11 a.m.19 views

Best Practices for Configuring JIRA Security

h5. Issue Summary Can a documentation containing a collection of best practices for securing a JIRA instance be created similar to this one|https://confluence.atlassian.com/doc/best-practices-for-configuring-confluence-security-216433533.html/?ga=2.68524696.801198909.1495105182-524443449.14914597...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/02/21 1:8 a.m.19 views

Administrators should have the ability to restrict access to the System dashboard

Administrators should have the ability to restrict access to the System dashboard which by default is available to the public...

4.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/18 5:51 p.m.19 views

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

7.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/17 4:45 a.m.19 views

Shell Injection in SourceTree for Mac

SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 prior to 2.3.1 the fixed version. By visiting a malicious website or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed an attacker could use a shell injection...

3.7AI score
Exploits0
Atlassian
Atlassian
added 2017/01/09 11:11 p.m.19 views

JIRA Server can be DOSed through a specific error page resource.

JIRA had a specific error page resource that when repeatedly accessed could result in more memory being used eventually resulting in java running out of heap space...

0.9AI score
Exploits0
Total number of security vulnerabilities4295