4295 matches found
Upgrade Apache Commons-text for CVE-2022-42889
h3. DISCLAIMER panel:bgColor=e3fcef ! Confluence IS NOT VULNERABLE to CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889. This bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the nex...
Gadget resource makeRequest defeats behind-the-firewall protection of app-linked resources - CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the makeRequest gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0...
Unauthenticated user can Enumerate Issue Keys - CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. Affected...
Customers created via the Customer Portal do not trigger an email verification
In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: version 3.16.13 4.0.0 ≤ version 4.5.3 4.6.0 ≤ version 4.7.0 Fixed versions:...
Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...
Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
Remote code execution via OGNL injection in Confluence Server & Data Center - CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7,...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Information Disclosure using JQL function membersOf - CVE-2020-36286
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly...
Pre-Authorization Arbitrary File Read - access web.xml via curl with no authentication.
https://asecurityteam.atlassian.net/browse/VULN-196971 h3. Issue Summary The Atlassian Confluence, Atlassian Jira, and Atlassian Crowd are vulnerable to a Pre-Authorization Arbitrary File Read attack vector. Specifically, the /s/ endpoint can be accessed in a specific manner that enables...
Make possible to remove valid EC2 configuration from Bamboo
An admin cannot remove valid EC2 the keys from Bamboo. After EC2 is disabled the credentials cannot be removed from the UI h3. Work Around Disable EC2 from Bamboo UI Shutdown Bamboo Edit BambooHomeDir/xml-data/configuration/administration.xml and remove code:java XXXXXXXXXXXXXX...
Access Restriction Bypass using watch notifications (CVE-2017-9505)
Confluence did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery SSRF. This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of java to a version = 1.8u51 1.8 update 51, which fixes many security issues http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Included in the security fixes is a fix for logjam CVE-2015-4000...
Enable X-FRAME-Options header to implement clickjacking protection
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-25143. panel TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current...
Upgrade Tomcat to 8.5.38 to fix CVE-2019-0199
h3. Denial of service in Apache Tomcat CVE-2019-0199 A vulnerability was found in Apache Tomcat version from 9.0.0.M1 to 9.0.14 inclusive and 8.5.0 to 8.5.37 inclusive. The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams...
Direct Object Reference - User Information Disclosure
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious use...
Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233
h3. Issue Summary Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities. h3. Affected Versions The following versions are only affected...
Apache Log4j - Arbitrary Code Execution in confserver/confluence (master)
h3. Issue Summary Arbitrary Code Execution in confserver/confluence master h3. Steps to Reproduce Vulnerability: Arbitrary Code Execution Severity: color:f9423aHighcolor Project: confserver/confluence Branch: master Scan Date: Unknown Vulnerability ID: CVE-2019-17571 log4j-core is vulnerable to...
XSS in various resources in the issuesURL parameter - CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the issuesURL parameter...
XSS in the usermacros resource through the description of a macro - CVE-2017-18084
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the description of a macro. Acknowledgements Atlassian would like to credit Veit Hailperin @fenceposterro...
XSS in the IncomingMailServers resource through the messagesThreshold parameter - CVE-2017-18039
The IncomingMailServers resource in Atlassian JIRA from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the messagesThreshold parameter...
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network
h3. Description This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 August 2012, CVSS score 6.4 was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...
Upgrade bundled Tomcat to 6.0.37
Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version...
Jira is affected by CVE-2022-42890 &
This affects the Batik library from v1.0 - v1.15 Jira 9.0.0 uses Batik v1.14. More information on vulnerability at: Information Exposure CVE-2022-41704|https://asecurityteam.atlassian.net/browse/VULN-1041609 Remote Code Execution RCE...
Access-revoked user can add new users and groups to a Jira project - CVE-2021-41311
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. T...
Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...
DoS vulnerability in MessageBundleResource - CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...
Information disclosure in Login - CVE-2020-4028
Users without session information should be pushed to the login page. Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Login. Affected versions: version...
CSRF in Application Links plugin allows network enumeration - CVE-2019-20100
Atlassian Jira Server and Data Center before version 8.7.0 use a version of the Atlassian Application Links plugin that is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to...
XSS in the wikirenderer component - CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in image attribute specification...
Multiple vulnerabilites in Java 1.7.0_15
The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...
Upgrade standalone Tomcat to 5.5.25
We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at: https://vulners.com/cve/CVE-2007-3382 https://vulners.com/cve/CVE-2007-3385...
Unicode characters allow malicious code to be hidden from a human reviewer (JSM Server & Insight asset management App) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Jira Service Management Server / DC and Insight Asset Management app where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These specia...
Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities
Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were: CVE-2012-0881 CVE-2019-10172 CVE-2018-1000632 CVE-2016-1000031 CVE-2014-0114...
CSRF on Wallboard endpoint - CVE-2019-20411
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery CSRF vulnerability. Affected versions: version 7.13.9 8.0.0 ≤ version 8.4.2 Fixed versions: 7.13.9 8.4.2 8.5.0...
Upgrade Tomcat to the latest 8.0.x release
h3. Summary We are currently on 8.0.17 and have already been bitten by a bug in it: https://bz.apache.org/bugzilla/showbug.cgi?id=57476 We should upgrade to the latest to get the latest bugfixes. Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager...
Unicode characters allow malicious code to be hidden from a human reviewer (Jira Server) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Jira Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the...
Unicode characters allow malicious code to be hidden from a human reviewer (Confluence Server) - CVE-2021-42574
Researchers at the University of Cambridge reported a vulnerability affecting Confluence Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by th...
User Enumeration via /rest/api/1.0/render endpoint - CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. Affected versions: version 8.19.0 Fixed...
XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080
Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript: Affected versions: version 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...
Privelege Escalation:- User having no permission is able to access logs of all private branches via ViewError Endpoint
h3. Issue Summary It has been observed that user having no permission is able to access error logs of all private branches which reveals the information related to project,agent,build etc. Bug Bounty report:...
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Upgrade bundled Java to 8u101+
Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect JIRA...
Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104
Log4J version 1.2.17-atlassian-3 used in Fisheye and Crucible is vulnerable to CVE-2021-4104. The JMSAppender in Log4J 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4J configuration. Note this issue only affects Log4J 1.2 when specifically...
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
h3. Issue Summary Unauthorized access to data from the following API even if the public.access.disabled is enabled. /rest/api/2/projectCategory /rest/api/2/resolution /rest/menu/latest/admin h3. Steps to Reproduce - Install Jira 8.13.9 with H2 database - Create a project and some Project categori...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Jira system is currently using underscore.js 1.9.1. However, it is being affected due to CVE-2021-23358|https://vulners.com/cve/CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the...