Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2014/09/06 3:12 p.m.17 views

Tools/Share sends e-mail to disabled users

I have Confluence/JIRA latest versions self hosted. Confluence gets its users from JIRA. I created a new topic and then used the Tools/Share option to notify all of the new topic. I used "jira-users" to send the message to. It sent to everyone including disabled users. I would expect the behavior...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/15 11:35 p.m.17 views

"Issue Does Not Exist" page leaks information to non-logged in users

Trying to open a URL for an issue that does not exist shows the "Issue Does Not Exist" error page, even if you are logged out and the project is not publicly viewable. In contrast, trying to open the URL for valid issue will prompt the user to login. In this way, an unprivileged user can learn...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/08/06 11:30 p.m.17 views

Stored XSS Vulnerability found on Atlassian

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47027. panel Hi ! I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com . You wil...

5.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/29 9:27 p.m.18 views

Password for LDAP Connection Displayed in the "directoryConfigurationSummary.txt" file

In the Support.zip|https://confluence.atlassian.com/display/DOC/Troubleshooting+Problems+and+Requesting+Technical+SupportTroubleshootingProblemsandRequestingTechnicalSupport-Method1:UsingtheSupportRequestFormviatheConfluenceAdministrationConsole there is a file named...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.17 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.17 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/17 9:19 a.m.17 views

Upgrade to Application Links 4.2.4, SAL 2.12.2+

We have vulnerability in application links: https://jira.atlassian.com/browse/JRA-38918 Bumping applinks to 4.2.4 and SAL to 2.10.20 will fix the problem. Product should implement IFRAME page capability in their login page provided by LoginUriProvider...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/25 11:54 p.m.17 views

Bruteforce Attack via Applinks Servlet

An attacker is able to perform bruteforce attacks via the applinks servlet. There is no captcha protection, nor do accounts get locked out after excessive attempts. The attacker can input a username, and perform bruteforce attacks on the login form. The core issue is that there is no login attemp...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 2:4 p.m.17 views

Persistent Cross Site Scripting Flaw in User Profiles

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.17 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0
Atlassian
Atlassian
added 2014/02/20 4:9 p.m.17 views

Restricted JIRA comments appear in Confluence notification inbox

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/13 11:39 p.m.17 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answerid. noformat If this URL is requested and the answer in question is currently un-accepted, its state will be changed to accepted. If the answer in question is already accepted, it will...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/06 8:13 p.m.17 views

Confluence Administrator Can Add Himself to System Administrator Group

I have found what I believe to be a security bug in Confluence that should be fixed. We have System Administrator function from the Confluence Administrator Group, and created a new Group called System Administrators see attachment. The purpose was to give our Tech Writers the ability to access t...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/06 9:27 a.m.17 views

Improve filter behaviour: auto-complete should not give away field values

h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, when using the IN operator in JQL, auto-complete will "give away" values for the majority of fields. Given that for each individual project there are schemes restricting o...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/01/24 1:21 a.m.17 views

XSS on several select lists

Steps to reproduce: -Create a new issue type -Add "alert'Issue name' as Issue name mind the qoute at the beginning -Add "alert'Issue desc' as Issue Description -Add /images/icons/issuetypes/genericissue.png "alert'Issue icon' as Issue Icon -Make sure that this issue type is available on your...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2014/01/08 3:10 p.m.17 views

Cross Site Scripting vulnerabilities in Pickers

Currently, the confluence picker does not sanitize the input /crowd/console/secure/pickers/displayPicker.action. Proof of concept. Access the following URL in your browser with javascript enabled. Replace the with your crowd URL. panel...

2.8AI score
Exploits0
Atlassian
Atlassian
added 2013/12/11 7:33 p.m.17 views

Secure Mail Archive with Space Permissions

Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visible to all space users. REQUEST: Apply Restrict Space Permissions to Mail Archive Same behavior as for Pages, restricting ability to search or view mail archive based on permissions. S...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/11 7:32 p.m.17 views

Secure Mail Archive with Space Permissions

Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visible to all space users. REQUEST: Apply Restrict Space Permissions to Mail Archive Same behavior as for Pages, restricting ability to search or view mail archive based on permissions. S...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/11 7:32 p.m.17 views

Secure Mail Archive with Space Permissions

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-31944. panel Mail Archives in a Space are currently not subject to any Read / View security context Permissions. They are visib...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/12/10 1:42 p.m.17 views

Link Text of a Space Changed for User without Space View Permission

Link Text name of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. h6. Steps to reproduce Create a Space e.g.: Space name "TEST 1 - 3" with Space key "TES" with a Homepage that has the same name as the Space name In other public Space,...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2013/12/05 3:4 p.m.17 views

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

2AI score
Exploits0
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.17 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/10 11:5 a.m.17 views

Confluence notifications generated on jira issues no longer readable

A user created a ticket in jira, which was moved to another section, where the creator of the ticket has no rights. But the creator recieved a notification in confluence about a new comment on the ticket, he was no longer able to read and the comment was quoted in confluence. I think, this is a...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/10 11:5 a.m.17 views

Confluence notifications generated on jira issues no longer readable

A user created a ticket in jira, which was moved to another section, where the creator of the ticket has no rights. But the creator recieved a notification in confluence about a new comment on the ticket, he was no longer able to read and the comment was quoted in confluence. I think, this is a...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/08 5:0 a.m.17 views

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/01 10:54 a.m.17 views

Reflected cross-site scripting (XSS) in dosearchsite action

The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/30 7:48 a.m.17 views

XSS in admin/ViewIssueFields.jspa

Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2013/09/25 2:11 p.m.17 views

Password displayed in clear text when logging in to a websudo session that has expired

When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text. This is a breach in security; the password should never be displayed in clear text on a web page...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/24 8:35 a.m.17 views

Passwords from variables are visible in plaintext in release versioning preview

Hey Atlassians! You can see the contents of masked variables the ones with "password" in their key when you click on "Add variable to version" in release versioning configuration screen for deployment project. Steps to reproduce: 1. Create a global variable with key: "testpassword" and value "abc...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2013/09/20 5:6 p.m.17 views

User invite functionality available to non-admins

The REST API which manages user invites ensures that only adminstrators can generate a new invite token. However, no similar access controls are present on the methods which are used to invite new users, or to revert to the previous security token – these can be successfully called by any...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/16 6:43 a.m.17 views

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/13 1:36 a.m.17 views

Convert the SecurityHeadersInterceptor into a filter that applies to /*

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/06 5:16 a.m.17 views

XSS in doconfigurerssfeed.action

Filed by vosipov on behalf of write.muhammadwaqar. code...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/05 9:55 p.m.17 views

Force password reset for all users

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-30236. panel Administrators should have an easy way to force users to change passwords in bulk format in emergencies. Has this...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/16 4:47 p.m.17 views

XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2013/06/20 1:38 p.m.17 views

Turning off Anti-XSRF mode has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/13 2:46 p.m.17 views

https://jira.atlassian.com/500page.jsp

this page shows all the data about JIRA instance to intruder. It makes it more vulnerable when you know the whole setup...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/08 1:31 p.m.17 views

UI Redressing (Clickjacking)

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-29230. panel Confluence is vulnerable to Clickjacking|https://en.wikipedia.org/wiki/Clickjacking. That is, it is possible to...

Exploits0Affected Software1
Atlassian
Atlassian
added 2013/04/10 7:5 p.m.17 views

SSL Enabled but some link point to http:// instead of https://

This scenario will happen if enable both HTTP8090 and HTTPS8433 and 'Server Base Url' is set to HTTP. Reproduce procedures 1. Access confluence via HTTPS 2. Click menu 'Space' at the top menu 3. At 'Space Directory' page, click any of the menu at the left side eg. All spaces etc. then click link ...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/19 12:58 a.m.17 views

XSS in /secure/admin/AssociateProjectRepPath!default.jspa

fromScreen is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link without a token. noformat GET...

6.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/03/18 8:33 a.m.17 views

Activity stream not respecting parent page restrictions

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/15 4:53 p.m.17 views

Anonymous users can see page restriction data, exposing user ids and group names

If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...

2AI score
Exploits0
Atlassian
Atlassian
added 2013/02/06 6:43 p.m.17 views

Large filter subscriptions can crash a JIRA instance with an OutOfMemoryError

h3. Summary JIRA has no 'rate limiting' or mail limit on filter subscriptions. This means using certain configurations will allow for a significant amount of mail to be created. As this mail is persisted in memory, it's possible to cause OutOfMemoryError's, even with a significant amount of heap...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/12/21 12:8 a.m.17 views

XSS bug in detail view epic name lozenge rendering

6.1 introduced an xss bug in the detail view, more specifically in the epic field that displays to which epic an issue belongs to...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 1:27 p.m.17 views

CreateSupportZipAction directory traversal

There’s a directory traversal vulnerability in the CreateSupportZipAction action that allows a malicious user to include arbitrary log files into a support zip. This is because the SupportUtility object is marked as @ParameterSafe, and no validation is performed on its serverLogsDirectory path...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/27 4:29 p.m.17 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/18 3:36 p.m.17 views

rememberme cookie is not cleared when user changes password in Confluence

When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2012/09/10 12:19 p.m.17 views

Information disclosure in REST API

REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access. The former allows to enumerate all groups on a JIRA instance by sending multiple queries as results are limited by jira.ajax.autocomplete.limit. We've verified this on an instance without any...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2012/09/03 2:4 a.m.17 views

Session expiry pages may echo password in clear text

The "session expiry" and "XSRF token missing" pages will echo any submitted values. This may result in echoing the submitted password to the page in plain text if triggered on the WebSudo authentication page. Modify the error pages sessionexpired.jsp and xsrfmissing.jsp so they don't echo...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.17 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...

2.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295