4295 matches found
XSS vulnerability in Crucible's Snippets
We have identified and fixed a cross-site scripting XSS vulnerability in the Crucible Snippets. Affected versions are Crucible 2.4.5 to 2.5.0 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS attack...
Remember Me filter not working for FishEye/Crucible
The current implementation of the FishEye filter still require that the Remember Me cookie have the encrypted credentials for the user, what is no longer true as that pose a major security vulnerability. The filter should rely on the JIRA Remember Me funcionality. If the user logged in using the...
Ability to perform a bulk random password reset for users per project
Would like to have the ability to perform a bulk password reset on user accounts for any particular JIRA project. Have recently received a request from a customer to perform this operation on their project. I did raise a support call JSP-73240 and was recommended to raise a New Feature Request...
XSS vulnerability in the action links of Confluence's attachments lists.
We have identified and fixed a cross-site scripting XSS vulnerability in the action links of Confluence's attachments lists. All versions from 2.7 to 3.4.7 are affected. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about...
Add warning to Shared Dashboards explaining consequence of 'everyone'
In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...
XSS vulnerability in Global Reports macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence global-reports macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...
Wrong HTTP response codes leak information
There are some resources exposed in FeCru where depending on their existence user may get 403 or 404 http response code depending on the existence of the resource. Because the permission check is done earlier than existence check, server may leak the existence of particular resource to the...
Wrong HTTP response codes leak information
There are some resources exposed in FeCru where depending on their existence user may get 403 or 404 http response code depending on the existence of the resource. Because the permission check is done earlier than existence check, server may leak the existence of particular resource to the...
Patches for XSS / XSRF vulnerabilities
We have identified and fixed vulnerabilities in JIRA 4.2 which will allow an attacker to invoke XSS Cross Site Scripting attacks and/or Cross Site Request Forgery XSRF attacks. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory...
Page view restriction is not inheriting to child pages in some spaces
When a new page is created using the create-page macro the child page does not have restrictions inherited. This is only happening for a few spaces. If I try the same macro in another space it will work fine. I have rebuilt the ancestors table but this issue is still happening. Please advise...
Can't set visibility on comment created via Activity Stream Gadget
I can't restrict the visibility of an comment created via the activity stream gadget. In our environment it is important for us to have this feature available everywhere where users are able to create comments on issues...
Potential attack vector using attachments
Suspicious handling of attachment uploads with filenames containing quotes the quoted ended up being repeated and semicolons semicolon and all subsequent characters were stripped from filename...
XSRF vulnerability in the Mail Page plugin
We have identified and fixed a cross-site request forgery XSRF vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Mail Page plugin. Note that the Mail Page plugin is disabled by default. If you do not have this plugin...
Confluence should not allow configuration of Office Connector temporary storage location
Earlier versions of Confluence allow the administrator to set the temporary storage location for the View File macro, part of the Office Connector. Provided an attacker has gained administrative access to the system in some way, they could then exploit this vulnerability to save malicious files...
Replace unsafe text gadget and add to JIRA Cloud
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-21965. panel panel:title=Atlassian Update - 23 April 2015|borderStyle=solid|borderColor=ebf2f9|titleBGColor=ebf2f9|bgColor=ffffff Hi everyon...
NullPointerException when there are no cookies and AccessLogRequestInfo is enabled
When using the filter-list and project-list plugins I ran into an issue where NullPointerExceptions were being thrown. I turned out the issue is in AccessLogRequestInfo when the Cookie header doesn't exists. The line that causes the exception is a log.debug line. I am including a patch that check...
Pluggable CAPTCHA
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-21359. panel CAPTCHA should be pluggable in JIRA CAPTCHA|http://en.wikipedia.org/wiki/CAPTCHA is supposed to stop spam and other automated...
Password strength measurement and restriction
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-21358. panel Enable password strength rules to tell the user the effective strength of the password they choose optionally allow administrato...
XSS vulnerability in some JSPs under admin section
Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...
Only strings are encoded
The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...
Mail support request accepts any e-mail address
The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...
Anonymise config files in support zip
Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...
Not all error strings are encoded
A XSS vulnerability where a string could bypass the Anti-XSS mechanism has been identified. This issue corrects this problem. The severity of this issue is rated as LOW. Please see http://confluence.atlassian.com/x/ZILmD for information on other security related issues and our rating system...
XSS vulnerability in Colour Scheme settings
An XSS vulnerability has been discovered in the Colour Scheme settings. The severity of this issue is rated as HIGH. Please refer to the security advisory http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2010-04-x for details...
XSS vulnerability in Colour Scheme settings
An XSS vulnerability has been discovered in the Colour Scheme settings. The severity of this issue is rated as HIGH. Please refer to the security advisory http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2010-04-x for details...
XSS vulnerability in search
An XSS vulnerability has been found in the searching component of Confluence...
XSS Bookmark vulnerabilities
The Add bookmark page is vulnerable to XSS attacks...
brute force password attack protection by default
We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances even if they previous had set it to something else. This is to ensure that systems are more safe by default...
Brute force protection on JIRA 4.1 leaks valid account names
The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to harvest a list of valid logins on the system. The brute force login protection should activate when either the login or the password is wrong...
runportleterror.jsp contains XSS hole
The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...
Custom fileds inconsistently escaped in view and edit screens
Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...
A link to Re-Indexing is visible to users even if they are not sys admin
I saw this on EACJ where I am not a sys admin quote XXXX made configuration changes in section 'Custom Fields' at 01/Feb/10 1:16 PM. It is recommended that you perform a re-index. For more information, please click the Help icon. To perform the re-index now, please go to the 'Indexing' section...
Include XSS security warning on HTML macro description in Wiki Markup Renderer
Include XSS security warning on HTML macro description in Wiki Markup Renderer. Derived from JRA-19802...
Randomised password not sent in email
When creating a user with password normally, the notification email to that new user will contain the password. However creating a new user and leave the password blank, JIRA randomly generates a password for that user, but the randomised password "is not sent" in the notification email to that...
Remove database passwords from the file system.
Currently if you connect Jira to an external database, you must store the database credentials on the file system either in the server.xml file Jira standalone, or in an equivalent file. This has security implications. Can we modify the application to not store this information on the file system...
User's Full Name is an XSS vector in Status Updates tab of User Profile
A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...
deleted page is still accessible in Confluence when accessing via viewpage.action?pageId in the url
Deleted pages can still be accessed in Confluence when one enters their pageId in the url. For example: noformat http://confluence.atlassian.com/pages/viewpage.action?pageId=196837485 http://confluence.atlassian.com/display/CONFKB/Office+Connector noformat The links above are referring to the sam...
deleted page is still accessible in Confluence when accessing via viewpage.action?pageId in the url
Deleted pages can still be accessed in Confluence when one enters their pageId in the url. For example: noformat http://confluence.atlassian.com/pages/viewpage.action?pageId=196837485 http://confluence.atlassian.com/display/CONFKB/Office+Connector noformat The links above are referring to the sam...
Confluence users should inherit permissions from the anonymous user
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-17278. panel This has been derived from CONF-4955|http://jira.atlassian.com/browse/CONF-4955. The above seems to have been fixed...
Add a password lockout feature
Confluence does not prevent someone from making a script that tries every possible password combination for a Confluence account. There should be an option to set a max attempts and then lock out the user from the system. This is obviously a security problem as Confluence within most companies us...
JQL not respecting Issue Security Level "Project Lead"
While writing TestIssueSecurityLevel I found the following problem: fred is not a Project Lead HSP-3 has Issue Security Level of "Project Lead" only. empty JQL to show all visible issues doesn't show HSP-3. make fred the Project Lead same query: still no HSP-3 however: fred can browse to HSP-3 an...
Upgrade to the latest version of Seraph and Trusted Applications library
Andreas needs to make some improvements to trusted-application behaviour for Gadgets. In order to do this, we need to first get onto the latest version of Seraph where Trusted Applications is split out into a separate library. Also, the new version of Seraph uses a version of oscore library|SER-1...
XSS in PDF screen
The "PDF Export Stylesheet" field is not encoded...
XSS vulnerability in space name when page move would create a duplicate
Create a space called alert"XSS"; Find a page named 'Home' in a different space Move this page, choosing the previously created space as the destination The move will fail due to the duplicate page name, and the script will be run...
XSS vulnerability when moving page between spaces
You can create a space with HTML in the name. In most places this space name is correctly encoded however in the tree component given when you chose to move a page the destination space is name is not encoded properly. To reproduce. 1 Create a space called alert"Howdy"; 2 Create a page in another...
XSS in user links
A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...
Viewfile macros do not respect page restrictions
Add a page Set viewing restrictions to user1 only Add an attachment - 'Sample.doc' Log in as user2 - confirm that you cannot see the restricted page Add a page, and use the viewfile macro Enter the location of the attachment on the restricted page The contents of the attachment can now be viewed ...
Encrypted passwords in osuser.xml
We need to set a crypted password instead plain text password in java.naming.security.credentials within osuser.xml...
Bright Cove User Macro-Cross-site script
Our e-security found the following error after they scanned the Bright Cove User Macro: Number System/Location Defect Type Status R4 Bright Cove User Macro Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...
JIRA build information not included in dummy XML responses to search filter requests which users do not have access to
The build-info element is missing from the response to search filter XML requests. noformat https://support.atlassian.com/sr/jira.issueviews:searchrequest-xml/10593/SearchRequest-10593.xml?tempMax=100 noformat Happens if the user does not have access to the filter. See also...