Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2015/05/13 11:2 p.m.18 views

Space permissions ignored in list of blog posts by date

h3. Summary Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. h3. Steps to Reproduce Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/03/25 1:19 p.m.18 views

Sensitive information displayed in anonymous REST API calls

h4. Expected behavior Block sensitive information from being displayed on anonymous REST API calls in JIRA. h4. Actual behavior Users' full-name are displayed when running the calls below: noformat /user/picker?query= /groupuserpicker?query=ali&showAvatar noformat Default fields and custom fields...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/08 11:51 a.m.18 views

Administrator role has access to restricted pages

Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people administrators? still have access can view, change permission and add comments. This is regardless of space or site restriction. We are using the build-in security systems shared with JIRA...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2014/12/22 5:19 p.m.18 views

Ability to encryption Confluence's notification emails.

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-35985. panel Confluence is growing fast as well as security. It would be great if we were capable to configure Confluence to...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/12/16 12:2 a.m.18 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to be able to access the FishEye web interface. All versions of FishEye up to and including 3.6.1 a...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/11/14 3:4 p.m.18 views

XSS vulnerability in spacedirectory

Good morning, I wanted to tell you to run vulnerability tests confluence, thrown the same XSS vulnerabilities. Version tested: 5.4.4 What steps should I follow to fix their vulnerabilities? Or vulnerabilities will be resolved for you? I attached the vulnerabilities: 1 GET...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/07 4:8 a.m.18 views

"Recently updated" plugin can be used to reflect arbitrary static content to browser

This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/01 1:24 a.m.18 views

Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47841. panel h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Brows...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/01 1:24 a.m.18 views

Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47841. panel h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Brows...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2014/09/06 3:12 p.m.18 views

Tools/Share sends e-mail to disabled users

I have Confluence/JIRA latest versions self hosted. Confluence gets its users from JIRA. I created a new topic and then used the Tools/Share option to notify all of the new topic. I used "jira-users" to send the message to. It sent to everyone including disabled users. I would expect the behavior...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/29 9:27 p.m.18 views

Password for LDAP Connection Displayed in the "directoryConfigurationSummary.txt" file

In the Support.zip|https://confluence.atlassian.com/display/DOC/Troubleshooting+Problems+and+Requesting+Technical+SupportTroubleshootingProblemsandRequestingTechnicalSupport-Method1:UsingtheSupportRequestFormviatheConfluenceAdministrationConsole there is a file named...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/29 4:12 a.m.18 views

Escape or filter script tags in "all activity" panel

We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...

6.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.18 views

Make categories in Space Directory visible only to users who can access the spaces

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-34136. panel Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/27 1:2 a.m.18 views

Remote DoS Exploit on Confluence

Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/25 11:54 p.m.18 views

Bruteforce Attack via Applinks Servlet

An attacker is able to perform bruteforce attacks via the applinks servlet. There is no captcha protection, nor do accounts get locked out after excessive attempts. The attacker can input a username, and perform bruteforce attacks on the login form. The core issue is that there is no login attemp...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/19 7:51 a.m.18 views

Flash content-type sniffing allows Cross Site Data Hijacking

As documented at http://blog.detectify.com/post/86298380233/the-pitfalls-of-allowing-file-uploads-on-your-website it is possible to upload a flash file to confluence with a different content-type than for flash and when embedded on an attacker's domain will be able to make requests to the...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2014/06/10 5:53 a.m.18 views

XSS in FilterSubscription

h4. To reproduce: Visit: code:none /secure/FilterSubscription!default.jspa?returnUrl=javascript:alert1 code Click "Cancel" An alert should appear This URL should be restricted to the current domain, and to http/https protocols...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/09 12:56 p.m.18 views

statTypes REST API exposes all statistics field names anonymously

On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 1:6 p.m.18 views

Indexable User Content (Attachments) on Google

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47021. panel User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing rul...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2014/05/22 7:38 p.m.18 views

Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X

h3. Steps to reproduce: Confluence 3.5.13 Installed, booted up Postregres DB Shutdown, applied patch following advisory admin panel not accessible content appears to be missing see errors in the logs: code 2014-05-22 16:28:50,308 ERROR http-8080-1 Standalone.localhost./.action log Servlet.service...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/22 12:50 p.m.18 views

Upgrading to 5.5.1 from 5.4.3 didn't update xwork from 1.13 to 1.17

We recently upgraded our instance following your security advisory. It was discovered shortly after the upgrade that the xwork file that was vulnerable 1.13 was not upgraded to the safe version 1.17. This could have just been specific to our instance but you should check your upgrade process and...

3.3AI score
Exploits0
Atlassian
Atlassian
added 2014/05/19 3:12 a.m.18 views

Stored XSS in OnDemand Confluence Header via username

This is from an external report. Creating a user with username: code " code and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures...

3AI score
Exploits0
Atlassian
Atlassian
added 2014/04/30 3:27 p.m.18 views

Jira appears to disclose unprocessed server tags in the output of the Marketplace plugin

As discovered/reported by running a security scan with the Acunetix web vulnerability scanner on our internally hosted instance of Jira, the Marketplace plugin appears to disclose ASP.NET style server tags in the output HTML. For example, appears in the HTML for the following page:...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/25 7:23 a.m.18 views

Processing malformed PNG by incoming mail handler causes OOM and blocks queue

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-38028. panel There are two problems: 1. OOM 2. Incoming email processing is blocked Looks like this is similar problem to JRA-35816, fixed in...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/03/06 5:3 p.m.18 views

Certificates are not checked with a Default installation of StrTreeWin

Message during HG checkin: warning: bitbucket.org certificate with fingerprint 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b not verified check hostfingerprints or web.cacerts config setting This is a default install, and such an install should have security configured correctly out...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2014/02/18 12:1 a.m.18 views

Content Spoofing in the createrssfeed action

A third party scan found that createrssfeed action is vulnerable to content spoofing|https://www.owasp.org/index.php/ContentSpoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/07 6:4 a.m.18 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

3.4AI score
Exploits0
Atlassian
Atlassian
added 2014/02/06 9:27 a.m.18 views

Improve filter behaviour: auto-complete should not give away field values

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-36881. panel h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, wh...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/29 3:42 p.m.18 views

JIRA sends in-app notifications to Confluence for restricted comments

If you have a primary application link between JIRA in Confluence, users get a notification in their Confluence workbox everytime someone comments in a ticket the user is watching. Users receive the notification with the text of the comment even when the comment is restricted to other groups,...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2014/01/29 3:42 p.m.18 views

JIRA sends in-app notifications to Confluence for restricted comments

If you have a primary application link between JIRA in Confluence, users get a notification in their Confluence workbox everytime someone comments in a ticket the user is watching. Users receive the notification with the text of the comment even when the comment is restricted to other groups,...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/24 1:21 a.m.18 views

XSS on several select lists

Steps to reproduce: -Create a new issue type -Add "alert'Issue name' as Issue name mind the qoute at the beginning -Add "alert'Issue desc' as Issue Description -Add /images/icons/issuetypes/genericissue.png "alert'Issue icon' as Issue Icon -Make sure that this issue type is available on your...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/13 2:54 p.m.18 views

Whitelist or blacklist for inline attachment display

Currently, there are three Attachment Download Security Policy: Default Insecure Secure !sample.png! It would be helpful if there is an extra option which allow the administrator to control the type of attachment which can be displayed inline...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/10 2:48 p.m.18 views

@mention Notification for Comments on Restricted Page in Confluence 5.4.x

In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict an user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/08 3:10 p.m.18 views

Cross Site Scripting vulnerabilities in Pickers

Currently, the confluence picker does not sanitize the input /crowd/console/secure/pickers/displayPicker.action. Proof of concept. Access the following URL in your browser with javascript enabled. Replace the with your crowd URL. panel...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/19 12:48 a.m.18 views

Several actions vulnerable to CSRF (have websudo protection)

A number of actions in JIRA were vulnerable to CSRF as they performed no token checking. These actions are protected by websudo, which makes exploiting them impossible...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/11 7:32 p.m.18 views

Secure Mail Archive with Space Permissions

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-31944. panel Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visibl...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/10 1:42 p.m.18 views

Link Text of a Space Changed for User without Space View Permission

Link Text name of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. h6. Steps to reproduce Create a Space e.g.: Space name "TEST 1 - 3" with Space key "TES" with a Homepage that has the same name as the Space name In other public Space,...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/05 3:4 p.m.18 views

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/30 9:24 a.m.18 views

XSS vulnerability in JIRA description field

Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/29 6:54 a.m.18 views

UploadAction.execute vulnerable to CSRF

Sub-issue from CONF-27960. UploadAction.execute upload.action does not have CSRF protection...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/24 7:34 a.m.18 views

Missing access controls in loadattachmentversions action

The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/10 11:28 p.m.18 views

CSRF in resetstylesheet.action

SpaceEditStylesheetAction.doReset EditStylesheetAction.doReset...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 11:4 a.m.18 views

User lister action has no cross-site request forgery (XSRF) protection

Confluence allows an administrator to configure the groups which will not be allowed for member listing by the userlister macro. The doconfigure action that implements this functionality is vulnerable to cross-site request forgery XSRF. An attacker who exploited this vulnerability could cause the...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 11:4 a.m.18 views

User lister action has no cross-site request forgery (XSRF) protection

Confluence allows an administrator to configure the groups which will not be allowed for member listing by the userlister macro. The doconfigure action that implements this functionality is vulnerable to cross-site request forgery XSRF. An attacker who exploited this vulnerability could cause the...

1.9AI score
Exploits0
Atlassian
Atlassian
added 2013/09/20 5:8 p.m.18 views

doremovespacemail action can be called by non-admins

The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.18 views

Implement clickjacking protection on https://answers.atlassian.com/

We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to clickjacking|http://en.wikipedia.org/wiki/Clickjacking. This can be fixed by sending a X-Frame-Options header with a value of SAMEORIGIN. This will prevent answers from being displayed ...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 6:17 a.m.18 views

Resource file path traversal in IconDownloadResourceManager

To reproduce: 1. Create a new page title doesn't matter. 2. Insert an image with URL: code:none /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties code with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/10 12:59 p.m.18 views

"Contact Administrators" Process Doesn't Exclude Disabled Administrators

h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/04 12:24 a.m.18 views

XSS vulnerability in the Office Powerpoint macro (Office Connector)

To reproduce: 1. Attach a ".ppt" file to the page. any file with that extension - doesn't need to be a powerpoint file 2. Add "Office Powerpoint" macro with Slide Number as: code "alertdocument.domain code 3. View page. See officeconnector, PptConverter.java, line...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/22 4:55 a.m.18 views

Make custom field description and options rendering consistent for OnDemand and BTF

JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on OnDemand. On OnDemand, custom field descriptions are wiki markup, but on BTF they're HTML. On OnDemand, custom field options e.g. for checkbox are plain text, but on BTF...

0.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295