Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2007/04/26 3:14 p.m.18 views

Allow embedding multimedia content located on remote servers

Re: CSP-8387 Currently, when embedding multimedia content on Confluence you are restricted to embedding files located on the Confluence server. The page http://confluence.atlassian.com/display/CONF20/Embedding+Multimedia+Content singles out "security reasons" as the reason for this limitation. In...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/04/13 1:58 a.m.18 views

Authentication via os_username and os_password URL params is broken

Logging in by specifying username/password in the URL like this: noformathttp://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&osusername=LOGIN&ospassword=PASSWORDnoformat used to work. tested with JIRA 3.6.3 Now you get presented with an undecorated "not logged in" message. This issue...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2007/03/27 7:41 a.m.18 views

Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date

emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/21 11:3 p.m.18 views

Make anonymiser more strict about the translation of values

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-12420. panel the anonymiser replaces letter and number characters in string values during xml backup. A more strict anonymiser would replace...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2006/08/22 7:36 a.m.18 views

publically available usernames are a security risk

The login username of users is revealed all over the place in URLs that link to user profile, or user's list of assigned open bugs etc. This seems to be a big security risk, because you have given away half of the user identification to strangers. Anybody can look up a user in the issue tracker a...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/11/14 11:3 p.m.18 views

Encrypt all passwords stored on the file system

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-2146. panel Passwords are not encrypted in confluence-mail.cfg.xml nor in confluence.cfg.xml; they should be. Resolve an...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/11/08 2:58 p.m.18 views

A page containing the rss-macro is not displayed if the requested rss-feed is "down"

A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/02/14 4:19 a.m.18 views

Applet certificate is not trusted.

You need to get a proper certificate for the applet - or else there will be some disquiet amongst some corporate users - and their IT Security overlords...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/03/04 6:29 p.m.17 views

DoS (Denial of Service) glob-parent Dependency in Jira Service Management Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVS...

7.5CVSS5.8AI score0.04456EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/24 9:29 p.m.17 views

DoS (Denial of Service) axios Dependency in Crowd Data Center

This High severity RCE Remote Code Execution vulnerability was introduced in versions 5.3.1, 6.0.0, 6.1.3, 6.2.2, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS6.2AI score0.02591EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/24 9:28 p.m.17 views

DOM-based XSS @remix-run/router Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N allows an unauthenticated attacker to execute arbitrary HTML or JavaScrip...

8CVSS6.1AI score0.0077EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/09 5:27 p.m.17 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 9.12.2, 9.13.0, 9.14.0, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score ...

7.5CVSS8AI score0.01819EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/08 10:27 p.m.17 views

Injection sha.js Dependency in Jira Software Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center and Server. This Injection vulnerability, with a CVSS Score of 9.1 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows an...

9.1CVSS6.5AI score0.00651EPSS
Exploits2
Atlassian
Atlassian
added 2026/01/07 7:27 p.m.17 views

DoS (Denial of Service) cross-spawn Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 6.0.5 and 10.3.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of code:java...

8.7CVSS8.3AI score0.00873EPSS
Exploits0
Atlassian
Atlassian
added 2026/01/02 7:27 a.m.17 views

DoS (Denial of Service) qs Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 10.3.14 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of code:java...

6.3CVSS5.5AI score0.0041EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/12 7:28 a.m.17 views

Improper Authorization org.springframework:spring-core Dependency in Bitbucket Data Center and Server

This High severity Improper Authorization vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5, allows an attacker to potentially perform actions to circumvent authorization checks, which...

7.5CVSS8.3AI score0.0046EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/10 7:24 a.m.17 views

XXE (XML External Entity Injection) in Jira Software Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in version 11.2.0 of Jira Software Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...

7.5CVSS7.5AI score0.01345EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/10 3:27 a.m.17 views

XXE (XML External Entity Injection) in Jira Service Management Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, and 11.1.0 of Jira Service Management Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of...

9.8CVSS6.9AI score0.02962EPSS
Exploits4
Atlassian
Atlassian
added 2025/12/10 2:25 a.m.17 views

XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crowd Data Center and Server

This Crowd release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for exploitation...

9.8CVSS7.9AI score0.79807EPSS
Exploits5
Atlassian
Atlassian
added 2025/12/10 2:11 a.m.17 views

XXE (XML External Entity Injection) Tika Dependency Vulnerability in Bamboo Data Center and Server

This Bamboo release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for exploitation...

9.8CVSS8.4AI score0.79807EPSS
Exploits5
Atlassian
Atlassian
added 2025/12/09 10:50 p.m.17 views

DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-48976 was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

7.5CVSS6.7AI score0.64718EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/09 7:35 a.m.17 views

DoS (Denial of Service) minimatch Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-3517 was introduced in 10.3.13 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

7.5CVSS7.5AI score0.01674EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.17 views

Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-28471

This High severity vulnerability known as CVE-2020-28471 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

9.8CVSS6.8AI score0.01092EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.17 views

RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2016-1000027

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.32257EPSS
Exploits4
Atlassian
Atlassian
added 2025/11/13 11:28 p.m.17 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-52428

This High severity vulnerability known as CVE-2023-52428 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

7.5CVSS6.8AI score0.00814EPSS
Exploits0
Atlassian
Atlassian
added 2025/09/19 11:4 a.m.17 views

DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server - CVE-2025-22166

This High severity DoS Denial of Service vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

8.3CVSS6.5AI score0.00459EPSS
Exploits0
Atlassian
Atlassian
added 2025/09/17 3:9 a.m.17 views

DoS (Denial of Service) Third-Party Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.0, and 11.0.0 of Jira Software Data Center and Server. This Third-Party Dependency...

7.5CVSS6.8AI score0.64718EPSS
Exploits1
Atlassian
Atlassian
added 2025/09/09 2:9 a.m.17 views

DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Crucible Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 4.9.0 of Crucible Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

7.5CVSS8.7AI score0.64718EPSS
Exploits1
Atlassian
Atlassian
added 2025/08/13 6:9 a.m.17 views

Third-Party Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...

7.5CVSS7.3AI score0.03163EPSS
Exploits0
Atlassian
Atlassian
added 2025/08/13 6:9 a.m.17 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS7.2AI score0.54877EPSS
Exploits1
Atlassian
Atlassian
added 2025/08/13 6:8 a.m.17 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS7.2AI score0.0196EPSS
Exploits0
Atlassian
Atlassian
added 2025/07/09 4:9 a.m.17 views

Security Misconfiguration vulnerability in Bitbucket Data Center and Server

This High severity Security Misconfiguration Dependency vulnerability was introduced in versions 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Security Misconfiguration vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

8.2CVSS7.1AI score0.00461EPSS
Exploits0
Atlassian
Atlassian
added 2025/07/05 5:9 a.m.17 views

BASM (Broken Authentication and Session Management) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 10.3.0 and 10.7.1 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an...

7.5CVSS7.3AI score0.03163EPSS
Exploits0
Atlassian
Atlassian
added 2025/06/05 6:8 a.m.17 views

DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 6.1.0 and 6.2.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

7.5CVSS7.8AI score0.01119EPSS
Exploits1
Atlassian
Atlassian
added 2025/04/25 5:8 a.m.17 views

DoS (Denial of Service) io.netty:netty-handler Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.11.3, 9.12.0, 9.13.0, 9.14.0, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7....

7.5CVSS7.3AI score0.01966EPSS
Exploits1
Atlassian
Atlassian
added 2025/03/11 2:55 p.m.17 views

Dummy Issue

h3. Issue Summary This issue is created to test the automation rule to restrict the access level in case of a security bug. h3. Steps to Reproduce Dummy step 1 Dummy step 2 h3. Expected Results Dummy h3. Actual Results The below exception is thrown in the xxxxxxx.log file: noformat ... noformat h...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/02/27 5:14 a.m.17 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bitbucket Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center. This...

7.5CVSS7.1AI score0.011EPSS
Exploits0
Atlassian
Atlassian
added 2024/12/12 1:15 p.m.17 views

DoS (Denial of Service) ua-parser.js Dependency in Crowd Data Center

This High severity DoS Denial of Service vulnerability, caused by ua-parserj.js, was introduced in versions 6.0.4 and 6.1.2 of Crowd Data Center. This DoS Denial of Service, with a CVSS Score of 7.5 and a CVSS vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated...

7.5CVSS6.7AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2022/03/07 8:14 a.m.17 views

Update atlassian-gadgets to 4.2.41 to fix information leak

The atlassian-gadgets library bundled in Crucible allowed an information leak about installed plugins to anonymous users...

6.7AI score
Exploits0
Atlassian
Atlassian
added 2019/06/03 3:47 a.m.17 views

Changing public flag in Repository Permissions does not reflect on mirrors

h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...

1.8AI score
Exploits0
Atlassian
Atlassian
added 2018/10/23 8:19 a.m.18 views

JIRA Anonymous User Able To Search Creator Name In JQL Search When Key In Full User Name Even When Browse User Permission Doesn't Allow Anyone

h3. Summary JIRA Anonymous User Is Able To Search For Creator Name Via JQL Search Screen|http://localhost:8080/issues/?jql= By Insert Full User Name Even When Browse User Global Permission Doesn't Allow "Anyone". This is definitely not an expected behavior if "Browse User" wasn't set to anyone...

Exploits0
Atlassian
Atlassian
added 2017/03/04 9:49 a.m.17 views

Lucene query checks plan permission against random plan

h1. Summary Bamboo runs permission validation against random plan when execute report h1. Details When execute report generator Bamboo checks if user has READ permission to plan. Sometimes it checks it against another plan User mode Create 2 plans Plan1 and Plan2 in same project. And execute them...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/19 9:31 a.m.17 views

Update application-links to fix APL-1327

Now that https://ecosystem.atlassian.net/browse/APL-1327 has been fixed, upgrade application-links to a version that contains a fix for it. In this case Fecru would update application-links from version 5.2.3 the version comes from the platform pom to version 5.2.4...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/06 11:12 a.m.17 views

Non-admin User Should not be able to see all users/groups in drop down

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Portfolio Server. Using JIRA Portfolio Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JPOCLOUD-1781. panel h3. Summary In Plan configuration Permissions Plan access. Non-admin users can try to add Viewers and see all...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/28 4:10 a.m.17 views

Update atlassian-gadgets in Confluence to fix AG-1502/ACG-5

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-45392. panel For Confluence Server as https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets ...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/09 11:9 a.m.17 views

User Management - Space View and Edit Control

With our Confluence users linking to LDAP, it is difficult having to create and delete groups to control permissions. Whilst it is great having permission controls for each space, this can be a nightmare going through each one to control individual users and having a list the length of my arm to...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/09 11:9 a.m.17 views

User Management - Space View and Edit Control

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-45194. panel With our Confluence users linking to LDAP, it is difficult having to create and delete groups to control...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/02 7:29 a.m.17 views

SECURITY: Update application-links in JIRA Server to fix APL-1327

Now that https://ecosystem.atlassian.net/browse/APL-1327 has been fixed, upgrade application-links to a version that contains a fix for it. In this case JIRA server would update application-links from version 5.2.3 to version 5.2.4...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/08/10 5:55 p.m.17 views

Secure SSL flag does not work when using Delegated LDAP

h3. Summary The Secure SSL flag under the Advanced Settings section in the LDAP settings does not work when using Delegated LDAP/Internal with LDAP Authentication in JIRA. h3. Steps to Reproduce Add a Delegated LDAP AD in JIRA Checking the Secure SSL checkbox and hit the Save and Test button if w...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2016/08/10 1:39 p.m.17 views

Information disclosure on non protected page

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-43406. panel In confluence, a user can navigate to the page "/notfound", and receive a standard "Page Not Found". This page...

0.3AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295