Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2009/09/02 3:54 p.m.18 views

"User Custom Field Value" permission type incorrectly exposes JIRA project names to everyone

Problem: Project names are shown to users with no permission to see the project. Impact: Security hole! Recipe: it helps to have two browsers open one logged in as admin the other as the user I will create called dummy Add user dummy Add project blah Add custom field myuser of type user picker,...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/18 1:18 a.m.18 views

XSS vulnerability can be exploited with the pagetree macro

Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2009/08/12 6:33 p.m.18 views

Uploading large fonts for PDF export fails with XSRF error

When uploading souizhs.ttf font that we use due to its comprehensive UTF8 support, I'm getting XSRF validation error: quote Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page. quote I tried...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/07/31 3:0 a.m.18 views

JIRA should trust itself by default.

Upgrade Seraph and Trusted apps to 2.0.1/2.1. If the CurrentApplication implements TrustedApplication then return it if it is asked for by id...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/07/31 3:0 a.m.18 views

JIRA should trust itself by default.

Upgrade Seraph and Trusted apps to 2.0.1/2.1. If the CurrentApplication implements TrustedApplication then return it if it is asked for by id...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/06/18 6:38 a.m.18 views

XSS vulnerability in space name when page move would create a duplicate

Create a space called alert"XSS"; Find a page named 'Home' in a different space Move this page, choosing the previously created space as the destination The move will fail due to the duplicate page name, and the script will be run...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/05/20 6:9 a.m.18 views

Jiraissues add icon mapping configuration is susceptible to XSS

Combined with XSRF susceptibility via CONF-15753; you can craft an attack to get elevated privileges in Confluence. !http://img.skitch.com/20090520-x5gug8e8q5snabtmm2i2kdx1p.jpg!...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.18 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/26 12:44 a.m.18 views

Impropper sanitisation of attachment filenames allows header injection

An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream...

4.4AI score
Exploits0
Atlassian
Atlassian
added 2009/02/20 12:41 a.m.18 views

Redirect that works in 2.9 is broken in later Confluence versions

Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/02/18 8:8 p.m.18 views

Issue security based on workflow status

I would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/01/28 9:58 p.m.18 views

Ability to grant Import/Export privileges to a group or a user

In our JIRA environment, we have several projects where each of the project admins uploads tasks from a CSV file into their respective project. Inorder for these project admins have the upload permissions, they need to be part of the JIRA System Administration group. This is unacceptable and is a...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/11/07 6:43 p.m.18 views

Boolean operators on user and group management

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-13634. panel Please consider this as a feature request for a future release of Confluence. Boolean operands on Space permissions...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/04 1:18 a.m.18 views

XSS in site search action

http://confluence.atlassian.com/dosearchsite.action?where=confall&queryString=%3Cscript%3Ealert'foo';%3C/script%3E queryString needs to be escaped. This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/08/29 6:36 p.m.18 views

Pages that inherit page restrictions are not respecting those restrictions after upgrade to Confluence 2.9

Tested and verified in both customer enviornment and in test enviornment. In the event that you have a parent page restriction and a child page that inherits that restriction, upon upgrade, 2.9 will only respect the explicit parent permission in terms of security trims and actual access but not...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/08/19 5:10 a.m.18 views

The TrustedApplicationsFilter doesn't work for /rpc/* URLs

The sessioninview filter doesn't cover rpc URLs I think because this meant that RPC actions didn't show up in the DB until the response what completely written This means that lazily loaded data returned by the HibernateTrustedApplicationDao causes problems when the TrustedApplicationsFilter trie...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/07/10 6:30 p.m.18 views

Restrict the transmission of Confluence version details

I noticed that on several installs, Confluence by default displays its full version number and sometimes build number to the world. It is a commonly accepted web security practice to withhold all product details, including version information, except to users on a "need to know" basis. Otherwise,...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/06/14 3:37 p.m.19 views

XSS using onerror

We had a user enter a viagra ad that actual redirected to their site. I think the offending code was here: although obviously they didn't use example.com I've attached the whole page for examination...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/06/04 1:58 a.m.18 views

SSO credentials not used in IssueViewURLHandler

A customer has created a SSO plugin and are facing some specific issues in this context. When they click on the printable link of an issue i.e: http://jira/lodh/si/jira.issueviews:issue-html/ORGJIRA-13/ORGJIRA-13.html they get an error page indicating "the user myuser... doesn't exist..." They...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/04/04 4:21 p.m.18 views

Change issue Security Level on Transition

We need a way to automatically change the Security Level of an issue when it is transitioned. Currently our project is has a default Security Level that only allows the assignee and management to see an issue, we would like to automatically open that issue up once it is fixed...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/03/17 5:0 a.m.18 views

XSS vulnerability in pagepicker.action and spacepagepicker.action

The following URL's are vulnerable: - /users/pagepicker.action - /users/spacepagepicker.action on formname, fieldname and currentspace panel:bgColor=99ff99 h4. Patch instructions for 2.6.x and 2.7.x 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/03/11 4:8 a.m.19 views

username not validated in add user to favourites action

Entering a bogus username here has the unwanted side effect of adding a bogus entity to your user favourites that can't be removed...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/03/10 4:44 a.m.18 views

viewuser.action has an XSS problem around username

Steps to reproduce: create a user with username: foo"alert'hello';span class="ff you should get an alert when you are redirected to viewuser.action to view the user you just created...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/12/19 2:16 p.m.18 views

Security vulnerability with Dashboard spacesSelectedTab

Our security team has reported the following vulnerability, which must be resolved for us to use the application. Severity: High Test Type: Application Vulnerable URL: https://gforgewiki.nci.nih.gov/dashboard.action Parameter = spacesSelectedTab Remediation Tasks: Filter out hazardous characters...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/11/12 3:22 a.m.18 views

Bulk Move does not update the Security Level of subtasks

When doing a bulk move, Parent issues moved to a new project must take any subtasks with them. If the new project has a different Issue Security scheme, then issues should get the default issue security in the new project. Currently a bulk move will change the security setting of parent issues, b...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/24 6:4 a.m.18 views

Issues not shown in issue navigator that a user has permission for according to the issue security level

Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2007/07/31 4:4 a.m.18 views

Remove the space-list from the 404-error-page to reduce load on server

The default 404 page shows a list of spaces. On a big, busy instance this can generate a lot of load. The query is run on every 404 which can happen multiple times on a request if there are some bad resources missing css/js etc. Perhaps there should be some sort of throttling or configuration to...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/30 6:32 p.m.18 views

"Current Assignee" on Browse Permission problem

I have created a permission scheme in Jira but I am experiencing an odd behaviour. I have 5 users in Jira and in the permission scheme, the Browse Projects is assigned to: - Project Lead - Project Role Administrators - Project Role Clients Among the 5 users, 3 fit these categories. One is a proje...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/24 7:51 a.m.18 views

Reflected XSS Vulnerability in the Feed Builder

---- Input in the Feed Builder is not properly handled. Insert: code "alert'Gotcha!' code as the feed name title and you get url like this:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/23 11:52 a.m.18 views

XSS vulnerability at "Edit Space Permissions"

Description: XSS vulnerability at "Edit Space Permissions" page Exploit: Write to the "Grant permission to" field: "alertdocument.cookie"...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/19 8:31 p.m.18 views

stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action

Description: Stored XSS via page app/themes/leftnavigation/configuretheme.action?key= Exploit: Example value in the Naviagtion Page field: "aletrdocument.cookiex x="...

2.6AI score
Exploits0
Atlassian
Atlassian
added 2007/07/19 12:56 p.m.18 views

XSS vulnerability in app/pages/listpages-alphaview.action

Description: XSS via the "startsWith" field in pages/listpages-alphaview.action. Exploit: noformathttp://app/pages/listpages-alphaview.action?key=&startsWith=xss:alertdocument.cookienoformat...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/19 12:41 p.m.18 views

XSS vulnerability in app/spaces/listattachmentforspace.action

Description: XSS via the "Filter By File Extension" field in app/spaces/listattachmentforspace.action. Exploit: blah"alertdocument.cookiex x="...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/19 8:51 a.m.18 views

People Directory search can be misused to retrieve email addresses of all users

Even when email addresses should be hidden because of global settings, it is possible to retrieve email addresses of all the users in the system by misusing search in people directory. It seems that the email address is one of the attributes that are being indexed by the search engine. So if one...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/11 12:37 a.m.18 views

Security issue: user can copy page with only view permissions

I have a user who only has view permissions to a space. Logging on as that user, I went to the Info tab of a page. The Copy operation appeared, and I was able click the link, edit the copied page, and save it. This must be a security hole?...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/04/26 3:14 p.m.18 views

Allow embedding multimedia content located on remote servers

Re: CSP-8387 Currently, when embedding multimedia content on Confluence you are restricted to embedding files located on the Confluence server. The page http://confluence.atlassian.com/display/CONF20/Embedding+Multimedia+Content singles out "security reasons" as the reason for this limitation. In...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/04/13 1:58 a.m.18 views

Authentication via os_username and os_password URL params is broken

Logging in by specifying username/password in the URL like this: noformathttp://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&osusername=LOGIN&ospassword=PASSWORDnoformat used to work. tested with JIRA 3.6.3 Now you get presented with an undecorated "not logged in" message. This issue...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2007/03/21 4:40 a.m.18 views

Deleting a custom field which has an issue security scheme or permission scheme on it causes system error

A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2006/11/29 8:6 a.m.18 views

Directory listing enabled on Tomcat

Tomcat has directory listing enabled by default. This allows browsing directories such as /images/. It seems that the filters do not take action in preventing the unauthorized access. When directory listing is disabled /conf/web.xml in Tomcat directory Jira gives 404 errors. See...

3.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/11/03 3:17 a.m.18 views

Project admin is presented with an option to select a Screen Scheme

The option of changing the scheme should only be given to the global admins...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/11/08 2:58 p.m.18 views

A page containing the rss-macro is not displayed if the requested rss-feed is "down"

A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/11/08 2:58 p.m.18 views

A page containing the rss-macro is not displayed if the requested rss-feed is "down"

A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/02/14 4:19 a.m.18 views

Applet certificate is not trusted.

You need to get a proper certificate for the applet - or else there will be some disquiet amongst some corporate users - and their IT Security overlords...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/03/04 6:29 p.m.17 views

DoS (Denial of Service) glob-parent Dependency in Jira Service Management Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVS...

7.5CVSS5.8AI score0.04456EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/24 9:29 p.m.17 views

DoS (Denial of Service) axios Dependency in Crowd Data Center

This High severity RCE Remote Code Execution vulnerability was introduced in versions 5.3.1, 6.0.0, 6.1.3, 6.2.2, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS6.2AI score0.02591EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/24 9:28 p.m.17 views

DOM-based XSS @remix-run/router Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N allows an unauthenticated attacker to execute arbitrary HTML or JavaScrip...

8CVSS6.1AI score0.0077EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/09 5:27 p.m.17 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 9.12.2, 9.13.0, 9.14.0, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score ...

7.5CVSS8AI score0.01819EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/08 10:27 p.m.17 views

Injection sha.js Dependency in Jira Software Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center and Server. This Injection vulnerability, with a CVSS Score of 9.1 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows an...

9.1CVSS6.5AI score0.00651EPSS
Exploits2
Atlassian
Atlassian
added 2026/01/07 7:27 p.m.17 views

DoS (Denial of Service) cross-spawn Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 6.0.5 and 10.3.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of code:java...

8.7CVSS8.3AI score0.00873EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/02 7:27 a.m.17 views

DoS (Denial of Service) qs Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 10.3.14 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of code:java...

6.3CVSS5.5AI score0.0041EPSS
Exploits1
Total number of security vulnerabilities4295