Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2013/12/19 12:48 a.m.19 views

Several actions vulnerable to CSRF (have websudo protection)

A number of actions in JIRA were vulnerable to CSRF as they performed no token checking. These actions are protected by websudo, which makes exploiting them impossible...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/10 1:42 p.m.19 views

Link Text of a Space Changed for User without Space View Permission

Link Text name of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. h6. Steps to reproduce Create a Space e.g.: Space name "TEST 1 - 3" with Space key "TES" with a Homepage that has the same name as the Space name In other public Space,...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/09 4:14 a.m.19 views

DOM XSS in dhtmlHistory.js when using IE

In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/11/13 11:18 p.m.19 views

LDAP credentials are stored in plain text in database

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-31605. panel This information should be encrypted so that anyone with access to the database does not gain access to other...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/02 2:10 p.m.19 views

Password reset emails are unusable on Outlook Web Access

When viewing a requested password reset email in Outlook webmail a user cannot see the button representing the main required action. Screenshot attached shows text highlighted to better demonstrate the issue White text on White background. Probably an Outlook issue but I think there might be...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/17 4:58 a.m.19 views

Miscellaneous actions are vulnerable to CSRF

This issue is to track the following subset of actions from CONF-27690: StartClusterAction, execute ExternalUserConnectivityAction, execute HandleNameConflictsAction, execute FlushIndexQueueAction, execute ContentRemigrationAction, execute...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/10/13 11:42 p.m.19 views

CSRF in saveeditpagebean.action

EditPageAction, doSaveEditPageBean...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/11 3:47 a.m.19 views

doeditdefaultspacepermissions.action vulnerable to CSRF

EditSpacePermissionDefaultsAction, execute...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/10 11:28 p.m.19 views

CSRF in resetstylesheet.action

SpaceEditStylesheetAction.doReset EditStylesheetAction.doReset...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/08 4:38 a.m.19 views

XSS in Hot Referrers

To reproduce: 1. Run the following command, replacing \PAGEURL with the URL of a new page and \USERNAME and \PASSWORD with your credentials if anonymous access is not enabled: code:none curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si code 2. Repeat step 1 a few...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2013/10/01 11:7 a.m.19 views

Doconfiguretheme action accessible to non-administrative users

The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence including anonymous users, if anonymous use of Confluence is allowed. If this action is executed with no...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 10:59 a.m.19 views

Inaccessible page titles leaked by Share Page API

The Share Page API exposes a REST endpoint that is available to authenticated users of Confluence. It is possible for any user to share any page simply by specifying the corresponding numeric id and the resulting notification includes the title of the shared page. In particular, a user may obtain...

6.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/27 6:49 a.m.19 views

SSL Cipher suites are not configurable

Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/09/24 8:35 a.m.19 views

Passwords from variables are visible in plaintext in release versioning preview

Hey Atlassians! You can see the contents of masked variables the ones with "password" in their key when you click on "Add variable to version" in release versioning configuration screen for deployment project. Steps to reproduce: 1. Create a global variable with key: "testpassword" and value "abc...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 11:11 a.m.19 views

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/10 12:59 p.m.19 views

"Contact Administrators" Process Doesn't Exclude Disabled Administrators

h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2013/08/23 1:38 a.m.19 views

CSRF in doremoveblogpost.action

Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker controlled link, or views an image at an attack controller URL. /pages/doremoveblogpost.action?pageId=...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/13 1:36 a.m.19 views

Convert the SecurityHeadersInterceptor into a filter that applies to /*

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/09 4:40 a.m.19 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/08 5:20 p.m.19 views

Persistent XSS in Username field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46732. panel The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" fo...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/08 5:20 p.m.19 views

Persistent XSS in Username field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46732. panel The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" fo...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2013/08/05 9:55 p.m.19 views

Force password reset for all users

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-30236. panel Administrators should have an easy way to force users to change passwords in bulk format in emergencies. Has this...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/02 12:15 a.m.19 views

XSS Vulnerability in About Me field

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Save...

3AI score
Exploits0
Atlassian
Atlassian
added 2013/07/30 11:51 a.m.19 views

Better error handling when changing password with LDAP connected

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-34098. panel When configuring JIRA to connect to LDAP directory with Read/Write permission, user could encounter such error as the following...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/03 1:43 a.m.19 views

GeneralUtil.escapeForHtmlAttribute does not completely escape the given input for use in an html attribute context

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29826. panel GeneralUtil.escapeForHtmlAttribute only escapes " and it does not escape ' . Furthermore, the method does not html...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 1:38 p.m.19 views

Turning off Anti-XSRF mode has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...

2.3AI score
Exploits0
Atlassian
Atlassian
added 2013/05/13 2:46 p.m.19 views

https://jira.atlassian.com/500page.jsp

this page shows all the data about JIRA instance to intruder. It makes it more vulnerable when you know the whole setup...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/29 3:41 a.m.19 views

SPAM via Answer

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47171. panel I have received an email notification containing a link as an aswer one of my questions. It turns out that a spam. ...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/26 6:49 a.m.19 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/20 6:9 a.m.19 views

Custom Seraph Authenticators broken in Confluence 5.0

The constructor signature of com.atlassian.confluence.event.events.security.LoginEvent changed between Confluence 4.3.x and 5.0 - an additional String parameter was added to the constructor. From this: code public LoginEventObject src, String username, String sessionId, String remoteHost, String...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/02/15 4:53 p.m.19 views

Anonymous users can see page restriction data, exposing user ids and group names

If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 1:17 a.m.19 views

Reflected xss in CloneSessionPost.jspa

In plugin/src/main/resources/templates/excalibur/web/testsessions/test-session-clone.vm on line 2, the 'testSessionId' parameter is extracted from the request parameters and inserted without first html encoding the value into the form element 'action' value. This means means that the resource is...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 6:43 p.m.19 views

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 6:43 p.m.19 views

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2012/12/21 12:8 a.m.19 views

XSS bug in detail view epic name lozenge rendering

6.1 introduced an xss bug in the detail view, more specifically in the epic field that displays to which epic an issue belongs to...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:41 p.m.19 views

UploadAttachmentsAction XSRF

The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permissio...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/10 7:37 a.m.19 views

JIRA REST API makes it easy to harvest email addresses

The JIRA REST API makes it easy to harvest email addresses as an anonymous user. 1. Go to https://jira.atlassian.com/browseJRA-22053 as anonymous. Note that you can't extract email addresses from this page unless the user has used an email address as her username. 2. Now go to...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2012/10/10 12:13 a.m.19 views

File Attachment persistent XSS

There is a persistent XSS vulnerability in the attachment download functionality of Confluence. By uploading a malicious executable file type like SVG scalable vector graphics with embedded JavaScript, it’s possible for an attacker to execute arbitrary code under the context of the logged in user...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 4:9 a.m.19 views

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/08 1:32 a.m.19 views

persistent xss in a user's username within mentions within comments

A user's username is injected into the "rel" attribute of the user mention link without being encoded properly. This means that if the username contains a " character then new attributes can be injected into the user mention link element. Hence, providing a persistent xss vector. To reproduce thi...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/10 12:19 p.m.19 views

Information disclosure in REST API

REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access. The former allows to enumerate all groups on a JIRA instance by sending multiple queries as results are limited by jira.ajax.autocomplete.limit. We've verified this on an instance without any...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/05 11:5 a.m.19 views

Provide HTTP headers for the content that absolutely must not be cached on the client

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29598. panel We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/16 2:13 p.m.19 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/08 7:48 a.m.19 views

Persistent xss flaw in the revision history (of comments).

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47387. panel Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history pag...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/06/11 8:19 a.m.19 views

Password Reset doesn't recognise spaces in usernames

When I enter my new password and submit the page, it responds with a message about the username 'philip', but my username is 'philip widan'. There was a similar issue with the Bonfire plugin, which required an upgrade to JIRA v5 to resolve. The URL I clicked on to get to the password reset page...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2012/05/08 5:13 a.m.19 views

Several REST interfaces vulnerable to XSRF

Several REST web services are vulnerable to XSRF|https://www.owasp.org/index.php/Cross-SiteRequestForgeryCSRF, allowing malicious web pages to execute them under the context of a logged in users browser. It's understood that JIRA REST interfaces are typically protected against XSRF based on the...

2AI score
Exploits0
Atlassian
Atlassian
added 2012/05/07 7:0 a.m.19 views

Javascript escape the value of "dark features" within the javascript context they are rendered out in

Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/06 11:34 p.m.19 views

ConsumerConfigurationServlet Open Redirect

The ConsumerConfigurationServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/06 11:31 p.m.19 views

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/04 3:19 a.m.19 views

CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen

The administration screen which facilitates the addition of new custom field options is vulnerable to csrf, as it does not check that the atltoken submitted is in fact legitimate for the user submitting it you can put in any value for the token field. To access this screen you can go to a url...

0.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295