4295 matches found
XML Vulnerability in Confluence
We have identified and fixed a vulnerability in Confluence that results from the way third-party XML parsers are used in Confluence. This vulnerability allows an attacker to: Execute denial of service attacks against the Confluence server, or Read all local files readable to the system user under...
XML Vulnerability in JIRA
We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server. All versions of JIRA up to and including...
Disable browser password save on Admin page in Firefox
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-25008. panel In Chrome, Safari and IE there is no browser prompt to store the password but on Firefox both Mac and Windows I ge...
Disable browser password save on Admin page in Firefox
In Chrome, Safari and IE there is no browser prompt to store the password but on Firefox both Mac and Windows I get prompted to save the password. We are only concerned about this for the Admin page password prompt specifically...
open redirect in flushcache.action
A skipfish scan of confluence found that flushcache.action is vulnerable to 'open redirect' as the returlUrl seems to send up in the Location HTTP header on a 302 redirect response. Note the token parameter in the here is an example attack using the flaw...
open redirect in flushcache.action
A skipfish scan of confluence found that flushcache.action is vulnerable to 'open redirect' as the returlUrl seems to send up in the Location HTTP header on a 302 redirect response. Note the token parameter in the here is an example attack using the flaw...
XSS Vulnerabilities in JIRA Attachments?
At the current moment, JIRA do not have any restrictions for attachment files, which allows users to upload malicious file into JIRA issues. This can be a problem when we open an attachments using Mozilla Firefox, since the browser allows us to open attachments using web browser. The steps to...
XSS Vulnerabilities in JIRA Attachments?
At the current moment, JIRA do not have any restrictions for attachment files, which allows users to upload malicious file into JIRA issues. This can be a problem when we open an attachments using Mozilla Firefox, since the browser allows us to open attachments using web browser. The steps to...
XSS Vulnerabilities in JIRA Attachments?
At the current moment, JIRA do not have any restrictions for attachment files, which allows users to upload malicious file into JIRA issues. This can be a problem when we open an attachments using Mozilla Firefox, since the browser allows us to open attachments using web browser. The steps to...
Issue key can be enumerated - Resolve Issue Feature
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to horizontal privilege elevation attacks within the Resolve Issue feature, accessible through the given address:...
Issue key can be enumerated - Resolve Issue Feature
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to horizontal privilege elevation attacks within the Resolve Issue feature, accessible through the given address:...
XSS vulnerability in a user's comment
We have identified and fixed a stored cross-site scripting XSS vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5 XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attac...
XSS vulnerability in a user's comment
We have identified and fixed a stored cross-site scripting XSS vulnerability in the FishEye user profile. Affected versions are all versions earlier than 2.5.5 XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attac...
Actions doeditpage,domovepage,docreatepage do not require XSRF token
When checking the application for security leaks, I found that the actions doeditpage, domovepage and docreatepage explicitly set the requireSecurityToken=false in the xwork.xml. This could be a possible leak in an attack scenario. Is there a reason, why these actions should not require the...
Visual clues to native vs. ldap users and groups
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-23355. panel In a mixed environment with Confluence and LDAP users and groups, it would be helpful when administering users and...
XSS Vulnerability in Administration Interface of JIRA Bamboo Plugin
We have identified and fixed a cross-site scripting XSS vulnerability in JIRA administration interface. Affected version is JIRA 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various places on the web...
make space admin able to see restricted pages in his own space
This is a request to make space admins able to see the content of restricted pages in their own spaces. Currently only confluence-administrators can do that...
Enumeration of usernames possible in Jira
We found enumeration of usernames to be possible in Jira 4.3.4 despite the login failure message not revealing whether it was the username or password that was incorrect. After 3 failed login attempts a captcha appears only if the user exists, otherwise not. This allows an attacker to enumerate t...
GeneralUtil.htmlEscapeQuotes should be annotated HtmlSafe
The GeneralUtil.htmlEscapeQuotes method outputs HTML and thus should be annotated as @HtmlSafe. Not doing so causes its output to be double escaped when automatic escaping is enabled for the plugin/velocity template...
Support web sudo and other password confirmation features with custom authenticators
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-22875. panel By default, web sudo and other password confirmation features in Confluence 3.5 and later are disabled if a custom...
Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header
We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This posts shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it just as secure since web sudo is really design to stop som...
On internal error, JIRA will display error information to the user (in the browser)
When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...
Permission checking bug in Crucible Review Tooltips
We have identified and fixed a permission checking bug in the Crucible review tooltips. Affected versions are 2.4.6 to 2.5.6 This bug allows users to view metadata for a reviews that they do not have permission to view. This issue is reported in our security advisory on the following page:...
Permission checking bug in Crucible Review Tooltips
We have identified and fixed a permission checking bug in the Crucible review tooltips. Affected versions are 2.4.6 to 2.5.6 This bug allows users to view metadata for a reviews that they do not have permission to view. This issue is reported in our security advisory on the following page:...
Admin JSPs don't have XSRF protection
As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...
Admin JSPs don't have XSRF protection
As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...
XSS Vulnerability in Issue Links and Labels
We have identified and fixed a number of cross-site scripting XSS vulnerabilities in JIRA issue links and labels. Affected versions are 4.2.x to 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various...
XSS vulnerability in doeditmysettings.action
This vulnerability affects all versions from 3.5 and above. We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence settings editing action. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more...
"Forgot Password" feature should not reveal that a given username exists within Confluence for security reason
It is possible to see which user exists on Confluence or not from within "Forgot Password" link. This is bad for security reasons. If you enter a non-existant username, it currently warns "No user with that username exists". Instead, the feature should give same message, regardless of whether the...
XSS vulnerability in Crucible changeset comments in search results
We have identified and fixed a cross-site scripting XSS vulnerability in the Crucible changeset comments in search results. Affected versions are Crucible 2.3.0 to 2.5.0 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You ca...
XSS vulnerability in Crucible Author Mapping
We have identified and fixed a cross-site scripting XSS vulnerability in the Crucible Author Mapping. Affected versions are Crucible 2.4.5 to 2.5.0 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS...
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
Seraph in Confluence 3.5 environment no longer able to instantiate custom authenticator
Customer using custom authenticator no longer works in Confluence 3.5 despite updates to latest API, latest Atlassian SDK, and building against Confluence 3.5 and embedded Crowd. See attached error log from customer. In brief, error is: noformat Caused by:...
Searching within restricted pages/spaces
This is the issue reference: https://support.atlassian.com/browse/CSP-59005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel I wanted a feature wherein a user can search within spaces or pages that he/she does not have access to. There are some pages that I do not want everyone t...
Cache Crowd Authentication on the client side
Jira is very chatty with Crowd, see: https://support.atlassian.com/browse/CWDSUP-4148 One request is sent to crowd per request into jira. Something like: com.atlassian.crowd.integration.service.cache.CacheAwareAuthenticationManager should be used. We have a similar issue with Confluence...
User Enumeration
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...
Admin menu items displayed to non-admins when accessing "Global Templates" page
When accessing the "Global Templates" menu as a non-admin, the navigation controls for the administration panel are displayed. The links cannot be used without entering new credentials, but it would be more consistent to hide the links from non-admins, just as we hide "System Administrator" links...
XSS vulnerability in Create Space Button macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence create-space-button macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including...
XSS vulnerability in Create Space Button macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence create-space-button macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including...
XSS vulnerability in Global Reports macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence global-reports macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...
XSS vulnerability in Bookmarks macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence bookmarks macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...
adding "Project Member" to User/Group/Projectrole options list for security level
I'm looking for a fast and easy way to handle security viewability of issues over all projects. Scenario is: We have setup the Jira company environment and several different projects. We have some external developers that are assinged to their specific projects. I did not yet use the security...
Allow to specify which user to be used in trusted connection with JIRA
This is an improvement request to allow specifying which user to be used in trusted connection with JIRA. Proposed example next to the documented examples in Jira Issues Macro|http://confluence.atlassian.com/display/DOC/JIRA+Issues+Macro bq. Anonymous=false: EITHER use the user credentials define...
Allow to specify which user to be used in trusted connection with JIRA
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-21127. panel This is an improvement request to allow specifying which user to be used in trusted connection with JIRA. Proposed...
restrict the access to JIRA for specific pairs "user account - host"
to be able to restrict the access to JIRA for specific pairs "user account - host" also to provide: 1. specify checkbox user account - "any host" 2. specify multiple hosts for one user account 3. to use Windows AD containers such distribution groups and computer groups in tool of the coding of...
Property for enabling/disabling viewage of Jira administrators
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-22096. panel As of JRA-21004, it also happened that the Administrator page does not show the administrators anymore. This patch is enables...
NullPointerException when Switching between Projects or Boards
In my case, the WEB-INF/classes/log4j.properties included has these loggers turned off, but they still seem to run. I am including a patch that ignores the NullPointerException following the pattern of ignoring the ClassNotFoundException. Details below taken from:...
Logout Button / Option Missing for some LDAP user accounts
Instance Details / Description: The logout option to kill sessions is not present for some user accounts i,e, the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...
Logout Button / Option Missing for some LDAP user accounts
Instance Details / Description: The logout option to kill sessions is not present for some user accounts i,e, the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...
WebSudo should be disabled in devmode
When confluence is started in dev mode, websudo should be disabled...