4295 matches found
XSS in the MigratePriorityScheme resource - CVE-2019-11584
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the priority icon url of an issue priority...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
Upgrade bundled Tomcat to the latest minor release
Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabilities on bundled tomcat which is version 6.0.35. Security Vulnerabilities Information: http://tomcat.apache.org/security-6.htmlFixedinApacheTomcat6.0.36 So customer...
CVE-2023-48795 vulnerability on SSH
panel:title=Strict key exchange support|borderStyle=solid|borderColor=3c78b5|titleBGColor=3c78b5|bgColor=e7f4fa The server now supports strict key exchange in 8.9.10+ LTS, 8.13.6+, 8.14.5+, 8.15.4+, 8.16.3+, 8.17.1+ and 8.18.0+. If old SSH clients that don't support strict key exchange are being...
Anonymous users can view list of installed gadgets in Jira
h3. Issue Summary Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Jira instance. While there are not be any identifying information, user data, or anything else available to anonymous users if they hit this URL...
Anonymous users are able to view user information through the /rest/api/2/search endpoint - CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260
There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassi...
Stored XSS in Confluence Server via text/rdf
h3. Issue Summary There is a stored XSS in file upload functionality of Confluence Server 7.3.3. This XSS triggers only in Firefox. Bug Bounty An authenticated attacker can upload specially crafted attachment and achieve stored XSS. h3. Steps to Reproduce Go to any Confluence page Attach xss.txt...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...
Jira is affected by Tomcat CVE-2020-13943
Affected versions of Atlassian Jira Server and Data Center used versions of Apache Tomcat that were vulnerable to CVE-2020-13943|https://vulners.com/cve/CVE-2020-13943. The affected versions of Jira Server and Data Center are before version 8.5.14, from version 8.6.0 before 8.13.6, and from versi...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Update Apache Struts 2 to avoid CVE-2020-17530
Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...
Information Disclosure in comment restriction feature - CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. Affected versions: version 7.6.17 7.7.0 ≤ version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.6.17...
The bundled Atlassian Application Links plugin had various XSS issues - CVE-2018-5227
The version of the bundled Atlassian Application Links plugin was vulnerable to XSS. See https://ecosystem.atlassian.net/browse/APL-1361 for more details...
Missing permission check in review coverage REST endpoint - CVE-2017-18035
The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...
The bundled Atlassian Activity Streams plugin had Improper Access control inside several rest inline action resource resource - CVE-2017-9506
The version of the bundled Atlassian Activity Streams plugin was vulnerable to Improper Access control. This allowed remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
Uploading a malformed Word document and requesting it repeatedly renders Confluence unavailable.
h3. Issue Summary From the researcher: There is a Denial of Service issue in the "Import Word Document" functionality of Confluence Server. When importing a specially crafted word or openoffice document see attached Confluence will throw an java.lang.OutOfMemoryError:. Background: A Word document...
Address CVE-2019-11358 in the bundled version of jQuery
The bundled version of jQuery in Crucible before version 4.7.1 was vulnerable to CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2019-11358. This was fixed by patching the version of jQuery bundled with Crucible...
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-61803. panel The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all Jira SM versions? It seems fixed in for Jira SW as mentioned https://jira.atlassian.com/browse/JRASERVER-75017 In JSM it is still discovered as a vulnerability...
CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumera...
Non-administrators can edit the File Replication settings - CVE-2021-41308
Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...
XStream upgrade to 1.4.18
h3. Problem XStream is vulnerable to security exploits such as highlighted in the image attached. i The list of CVEs can be found in https://x-stream.github.io/security.html This ticket tracks its upgrade to 1.4.18. h3. Environment Confluence v7.13 h3. Workaround Set...
Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. h5. Acknowledgements Credit for finding...
Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...
CVE-2016-6496: LDAP Java Object Injection in Crowd
The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...
Information disclosure in Login - CVE-2020-4028
Users without session information should be pushed to the login page. Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Login. Affected versions: version...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Bamboo before version 6.8.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
URL path traversal allows information disclosure - CVE-2019-15004
URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...
Unauthenticated user can check the whitelist rules for any URL
h3. Issue Summary This issue was discovered through our bug bounty program. An unauthenticated user can check if a URL is permitted through the whitelist. noformat /rest/whitelist/1/check?url=http://www.atlassian.comnoformat returns the whitelist rules associated with http://www.atlassian.com...
RCE (Remote Code Execution) in Confluence Data Center & Server
This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high...
CPU exhaustion caused by DoS against Confluence server by requesting static batch resources
The details of this issue can be viewed here: https://asecurityteam.atlassian.net/browse/VULN-170040 The source code is located at: https://bitbucket.org/atlassian/atlassian-plugins-webresource/src/master/...
XSS in Custom Filter Title
There is a reflected XSS in the review custom filter...
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...
Upgrade standalone Tomcat to 5.5.25
We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at: https://vulners.com/cve/CVE-2007-3382 https://vulners.com/cve/CVE-2007-3385...
User Enumeration via /rest/api/1.0/render endpoint - CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. Affected versions: version 8.19.0 Fixed...
Improper authorization check in the WorkflowResource class removeStatus method - CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...
Missing access controls in loadattachmentversions action
The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...
Jira: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Jira Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
Search from the Slack app ignores permissions in Confluence
h3. Issue Summary Search from the Slack app ignores permissions in Confluence. There are different scenarios where we see an issue with searching Confluence from Slack: If a user doesn't have permissions to access the space, they can still search for content Search returns information from Spaces...
Improper authorization on project titles vulnerability in Jira - CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. h3. Note on fix The fix was tested internally before backporting it and no issues were...
DoS (Denial of Service) io.netty:netty-codec-http2 in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows...
Authentication Bypass in Jira Seraph - CVE-2022-0540
i Updates 2022/05/05 11:30 AM PDT Updated the List of affected Atlassian Marketplace Apps section to note the following apps have non-vulnerable updates available: Secure Code Warrior® for Jira Simple Tasklists Simple Team Pages for Jira UiPath Test Manager for Jira Xporter - Export issues from...
XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080
Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript: Affected versions: version 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...
Unauthenticated information leakage of temporary files and project keys - CVE-2021-26069
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/\id/ActionsAndOperations API endpoint. The affected versions are before...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
Bitbucket: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Bitbucket Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
XSS in /includes/decorators/global-translations.jsp
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-61888. panel Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to...