4295 matches found
Upgrade bundled Tomcat to the latest minor release
Customer did a Security Scan on the instance and founded the version 5.1.8 that he is using subjected to security vulnerabilities on bundled tomcat which is version 6.0.35. Security Vulnerabilities Information: http://tomcat.apache.org/security-6.htmlFixedinApacheTomcat6.0.36 So customer...
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
h3. Issue Summary Unauthorized access to data from the following API even if the public.access.disabled is enabled. /rest/api/2/projectCategory /rest/api/2/resolution /rest/menu/latest/admin h3. Steps to Reproduce - Install Jira 8.13.9 with H2 database - Create a project and some Project categori...
XStream upgrade to 1.4.18
h3. Problem XStream is vulnerable to security exploits such as highlighted in the image attached. i The list of CVEs can be found in https://x-stream.github.io/security.html This ticket tracks its upgrade to 1.4.18. h3. Environment Confluence v7.13 h3. Workaround Set...
Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. h5. Acknowledgements Credit for finding...
DoS via missing input validation in UserPickerBrowser.jspa - CVE-2019-20413
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability on the UserPickerBrowser.jspa page. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...
Template injection in Jira importers plugin - CVE-2019-15001
h3. Issue Summary There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin JIM. An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on...
Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011
The version of the Application Links plugin used in Bamboo before version 6.8.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...
URL path traversal allows information disclosure - CVE-2019-15004
URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...
CVE-2016-6496: LDAP Java Object Injection in Crowd
The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...
CPU exhaustion caused by DoS against Confluence server by requesting static batch resources
The details of this issue can be viewed here: https://asecurityteam.atlassian.net/browse/VULN-170040 The source code is located at: https://bitbucket.org/atlassian/atlassian-plugins-webresource/src/master/...
RCE (Remote Code Execution) in Confluence Data Center & Server
This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high...
XSS in the MigratePriorityScheme resource - CVE-2019-11584
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the priority icon url of an issue priority...
Unauthenticated user can check the whitelist rules for any URL
h3. Issue Summary This issue was discovered through our bug bounty program. An unauthenticated user can check if a URL is permitted through the whitelist. noformat /rest/whitelist/1/check?url=http://www.atlassian.comnoformat returns the whitelist rules associated with http://www.atlassian.com...
Bitbucket Data Center - Path traversal in the migration tool leads to RCE - CVE-2019-3397
h3. Issue Summary Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code executio...
XSS in Custom Filter Title
There is a reflected XSS in the review custom filter...
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...
Upgrade standalone Tomcat to 5.5.25
We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at: https://vulners.com/cve/CVE-2007-3382 https://vulners.com/cve/CVE-2007-3385...
Jira: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Jira Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
Search from the Slack app ignores permissions in Confluence
h3. Issue Summary Search from the Slack app ignores permissions in Confluence. There are different scenarios where we see an issue with searching Confluence from Slack: If a user doesn't have permissions to access the space, they can still search for content Search returns information from Spaces...
Information Disclosure in comment restriction feature - CVE-2019-20410
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. Affected versions: version 7.6.17 7.7.0 ≤ version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.6.17...
Missing access controls in loadattachmentversions action
The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...
Authentication Bypass in Jira Seraph - CVE-2022-0540
i Updates 2022/05/05 11:30 AM PDT Updated the List of affected Atlassian Marketplace Apps section to note the following apps have non-vulnerable updates available: Secure Code Warrior® for Jira Simple Tasklists Simple Team Pages for Jira UiPath Test Manager for Jira Xporter - Export issues from...
Improper authentication on Convert Sub-Task to Issue page - CVE-2019-20412
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names Project Key, if it is part of the workflow name Issue Keys Issue Types Status...
Improper authorization on project titles vulnerability in Jira - CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. h3. Note on fix The fix was tested internally before backporting it and no issues were...
Jira Service Management / Insight Asset Management vulnerable to RCE Security
Description Insight - Asset Management has a feature to import data from several databases DBs. One of these DBs, the H2 DB, has a native function in its library which an attacker can use to run code on the server remote code execution a.k.a. RCE. The H2 DB is bundled with Jira to help speed up...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Include additional parameters to avoid reverse tabnabbing exploits
A customer had their Confluence instance reviewed and found that it was susceptible to Reverse Tabnabbing, like Jira is in JRASERVER-68830. Steps to replicate the issue on Confluence can be found in the file below. ^tabnabbingfindingconfluence.pdf...
SSRF in OIDC Setup [Bitbucket Data Center]
h3. Issue Summary SSRF h3. Steps to Reproduce During set-up of a custom OpenID Connect identity provider in Bitbucket Server but may apply to other Data Center applications that use the same OIDC module|https://hub.docker.com/r/atlassian/bitbucket-server/, one has to specify the "Issuer URL". As...
CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumera...
Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011
The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for mor...
Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check...
Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831
The embedded version of Git LFS|https://git-lfs.github.com used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...
CVE-2016-4319: /auditing/settings was vulnerable to CSRF
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report|http://jira.atlassian.com/browse/JRASERVER-61803. panel The /auditing/settings resource was vulnerable to CSRF|https://en.wikipedia.org/wiki/Cross-siterequestforgery attacks...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
DoS (Denial of Service) io.netty:netty-codec-http2 in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows...
Bitbucket: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Bitbucket Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
Project enumeration through /browse.PROJECTKEY - CVE-2020-14178
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. Affected versions: version 7.13.17 7.14.0 ≤ version 8.5.8 8.6.0 ≤ version 8.12.0 Fixed versions: 7.13.17 8.5....
Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared endpoint API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and it's subdirectories, which may contain configuration files...
Update Java version bundled found in the installer to a version >= 1.8u71
Update the bundled version of java to a version = 1.8u71 1.8 update 71, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlAppendixJAVA. Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the...
Rest API XSS
An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14. The vulnerability is located at /rest/prototype/1/session/check/something POC URL: http:///confpath/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E This was confirmed in t...
XStream upgrade to 1.4.17
h3. Problem XStream is vulnerable to security exploits including CVE-2021-29505|http://x-stream.github.io/CVE-2021-29505.html. This ticket tracks it's upgrade to 1.4.17 panel:title=Atlassian Update - July 2021|borderStyle=solid|borderColor=6554c0|titleBGColor=6554c0|bgColor=eae6ff We have upgrade...
Address CVE-2019-11358 in the bundled version of jQuery
The bundled version of jQuery in Fisheye before version 4.7.1 was vulnerable to CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2019-11358. This was fixed by patching the version of jQuery bundled with Fisheye...
CVE-2015-8361: Services exposed without authentication Vulnerability
Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port. Affected...
Upgrade Apache Commons-text for CVE-2022-42889
h3. DISCLAIMER panel:bgColor=e3fcef ! Confluence IS NOT VULNERABLE to CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889. This bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the nex...
Customers created via the Customer Portal do not trigger an email verification
In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: version 3.16.13 4.0.0 ≤ version 4.5.3 4.6.0 ≤ version 4.7.0 Fixed versions:...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Persistent XSS in JIRA charting plugin Workload Pie Chart Report
The Workload Pie Chart Report included with the JIRA charting plugin contains a number of XSS vulnerabilities. This plugin is bundled with OnDemand. The configuration page contains an XSS vulnerability in custom field names. 1. Create a custom field with the name alert'custom field' 2. Try to...
Remote code execution via OGNL injection in Confluence Server & Data Center - CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7,...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...