Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
•added 2012/08/27 4:6 p.m.•16 views

Session ID and remember me cookie should expire when LDAP user password is changed

Steps to reproduce Login as a normal Confluence user In another browser or in incognito mode, login as system administrator Go to Confluence Admin Manage Users and click on the user Click Set Password and set a different password for this user Refresh the page and the user can still access the pa...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/31 9:7 a.m.•16 views

ldap injection in the custom atlassian authentication code

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47275. panel The custom atlassian ldap authentication code is vulnerable to ldap injection. The method which is vulnerable to ld...

8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/27 7:41 a.m.•16 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/07/27 5:34 a.m.•16 views

ValidationHash generation should use random.SystemRandom instead of random class

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47146. panel ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a rando...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2012/07/27 1:56 a.m.•16 views

Potential remote code execution due to embedding of old django-piston

The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of django-piston which does not contain the fix for a remote code execution bug due to the use of yaml.load instead of safeload in the emitters.py python scripton line 412. Whilst it appears...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/24 12:15 p.m.•16 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/21 7:54 a.m.•16 views

persistent xss through flash swf file attachment download

It is possible to upload a flash swf file which when the attachment 'download' url is visited the flash swf file is executed in the browser and as such can use ExternalInterface.call method to inject javascript defined in the swf file into the browser...

2.4AI score
Exploits0
Atlassian
Atlassian
•added 2012/05/07 6:55 a.m.•16 views

The "user" Dark Features page is vulnerable to XSRF/csrf

The "User Dark Features" page located at $host/secure/ViewProfile.jspa?selectedTab=jira.user.profile.panels:up-darkfeatures-panel allows users to add dark features which only affect themselves. However, it is not protected against XSRF attacks. Note: the 'value' of dark features is not properly...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/05/06 11:36 p.m.•16 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/04/26 4:54 p.m.•16 views

'/users/userpicker.action' exposes users loginids and full names in instance with anonymous access enabled

quote LDAP directory users and groups exposed via the /users/userpicker.action. There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior. quote quote The second exposed function that is part of this vulnerability is...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/03/27 6:46 p.m.•16 views

Improve the default SSL cipherset in standalone JIRA setup

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-27681. panel We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Suppored'. Any suggestions wou...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2012/02/08 4:27 a.m.•16 views

RSS feed over entire site gives information on restricted pages the user should not see

A customer has reported this issue via a comment on the documentation: http://confluence.atlassian.com/display/DOC/Working+with+RSS+Feeds?focusedCommentId=276627497comment-276627497 quote When someone has an RSS feed covering the whole Confluence instance, he is informed about changes in restrict...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/07/14 1:8 p.m.•16 views

Enumeration of usernames possible in Jira

We found enumeration of usernames to be possible in Jira 4.3.4 despite the login failure message not revealing whether it was the username or password that was incorrect. After 3 failed login attempts a captcha appears only if the user exists, otherwise not. This allows an attacker to enumerate t...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/07/12 2:32 a.m.•16 views

GeneralUtil.htmlEscapeQuotes should be annotated HtmlSafe

The GeneralUtil.htmlEscapeQuotes method outputs HTML and thus should be annotated as @HtmlSafe. Not doing so causes its output to be double escaped when automatic escaping is enabled for the plugin/velocity template...

0.7AI score
Exploits0
Atlassian
Atlassian
•added 2011/06/29 5:37 p.m.•16 views

On internal error, JIRA will display error information to the user (in the browser)

When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2011/05/23 6:44 a.m.•16 views

XSRF vulnerability in the Social Bookmarking plugin

We have identified and fixed a cross-site request forgery XSRF vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Social Bookmarking plugin. Note that the Social Bookmarking plugin is disabled by default. If you do not...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2011/05/06 8:26 p.m.•16 views

When configured for Internal Database with LDAP for Authentication Only, Confluence does not check the LDAP when authenticating users

Configured Confluence to keep and manage users in its internal database, but to first try to use LDAP for authentication only, via the new interface. Debug output suggests Confluence is not bothering to check the LDAP at any point during the authentication process. More detail is available here:...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/12/30 3:6 a.m.•16 views

Add warning to Shared Dashboards explaining consequence of 'everyone'

In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...

1.3AI score
Exploits0
Atlassian
Atlassian
•added 2010/11/03 3:44 a.m.•16 views

Security Vulnerability in Confluence Remote API

We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...

2.5AI score
Exploits0
Atlassian
Atlassian
•added 2010/10/10 8:4 p.m.•16 views

Google Chrome shows mixed content warning

Hello, when JIRA is requested via https with Google Chrome 6.0.472.63 on all URLs of JIRA https is in red, crossed out and a padlock with red cross is shown with this description: "Your connection is encrypted with 128-bit encryption. However, this page includes other resources which are not...

0.4AI score
Exploits0
Atlassian
Atlassian
•added 2010/10/05 5:37 a.m.•16 views

XSS vulnerability in Office Connector

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/06/21 3:40 a.m.•16 views

XSS vulnerability in PDF export

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...

0.1AI score
Exploits0
Atlassian
Atlassian
•added 2010/05/31 6:58 a.m.•16 views

WebSudo should be disabled in devmode

When confluence is started in dev mode, websudo should be disabled...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/05/05 12:16 a.m.•16 views

The system paths are to be locked down to the JIRA Home directory

Currently JIRA allows you to change system file paths at runtime. While convenient, this allowed an attacker to elevate his/her stolen system admin access into a situation where he/her can execute arbitrary code. A decision has been made to remove the ability to set the paths at run time. For new...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/27 4:58 a.m.•16 views

XSS in page renderer

An XSS vulnerability has been identified in the page renderer. This issue provides a fix for this problem. The severity of this issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues as well as more information on how we rate issues...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 5:28 a.m.•16 views

Only strings are encoded

The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 5:28 a.m.•16 views

Only strings are encoded

The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 1:7 a.m.•16 views

Anonymise config files in support zip

Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 12:37 a.m.•16 views

XSS vulnerability in search

An XSS vulnerability has been found in the searching component of Confluence...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/22 12:37 a.m.•16 views

XSS vulnerability in search

An XSS vulnerability has been found in the searching component of Confluence...

1.5AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/16 4:34 a.m.•16 views

Miscellaneous support-related JSPs contain XSS holes

JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are: groupnames.jsp indexbrowser.jsp...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/04/16 4:34 a.m.•16 views

Miscellaneous support-related JSPs contain XSS holes

JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are: groupnames.jsp indexbrowser.jsp...

1.2AI score
Exploits0
Atlassian
Atlassian
•added 2010/04/13 5:50 a.m.•16 views

Privilege escalation vulnerability when administrator access is compromised

panel:borderColor=ff0000|borderStyle=solid|bgColor=ffccccNote: This issue is superceded by JRA-21004. Please install the patches on that issue, rather than this one. For more details, see JIRA Security Advisory -...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/03/23 2:46 p.m.•16 views

Allow non-Administrators to be able to modify workflows

As an IT Manager, by having to add users to the Administrators group in order to edit and manage workflows is prohibitive to the administration and security of our Jira environment. While I want users to create, manage and edit workflows, I do NOT want them creating or modifying accounts which...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/02/24 1:11 a.m.•16 views

Version number

I notice that the JIRA footer displays the current version of JIRA. Revealing the specifics of the revisions of software that you run in production is generally considered a bad security practice. Is there a reason that it is displayed openly to all users in licensed versions of the product? Is i...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/02/24 1:11 a.m.•16 views

Version number

I notice that the JIRA footer displays the current version of JIRA. Revealing the specifics of the revisions of software that you run in production is generally considered a bad security practice. Is there a reason that it is displayed openly to all users in licensed versions of the product? Is i...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2010/02/17 4:24 a.m.•16 views

Changing system locale means users with non-ASCII characters in their passwords cannot authenticate

The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...

2.2AI score
Exploits0
Atlassian
Atlassian
•added 2009/12/10 6:55 p.m.•16 views

Remove database passwords from the file system.

Currently if you connect Jira to an external database, you must store the database credentials on the file system either in the server.xml file Jira standalone, or in an equivalent file. This has security implications. Can we modify the application to not store this information on the file system...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/12/02 4:10 a.m.•16 views

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/11/24 8:47 p.m.•16 views

Watchers can be added to a project without having rights in that project

A user of Jira at our site has found that two people he added to watchers on this project were only members of the Jira Users group and had no rights in the project. Therefore Jira silently did not send any notifications and they did not receive the information that the original user thought they...

2AI score
Exploits0
Atlassian
Atlassian
•added 2009/09/09 5:2 a.m.•16 views

admin gadget rest endpoint information leak

the admin rest endpoint can return admin-only information even if the end user is not an admin...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/26 1:55 p.m.•16 views

Add a password lockout feature

Confluence does not prevent someone from making a script that tries every possible password combination for a Confluence account. There should be an option to set a max attempts and then lock out the user from the system. This is obviously a security problem as Confluence within most companies us...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/18 1:18 a.m.•16 views

XSS vulnerability can be exploited with the pagetree macro

Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/08/12 4:55 a.m.•16 views

XSS bug when unfavouriting a dashboard

When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/06/18 1:45 p.m.•16 views

Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0

Confluence allows its users to specify a "Profile Picture," an image that appears on many pages related to the user. A user can either upload a custom image, or select one from a set provided by Confluence. Confluence uses the /users/doeditmyprofilepicture.action path to process requests to chang...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/06/03 7:28 a.m.•16 views

XSS vulnerability when moving page between spaces

You can create a space with HTML in the name. In most places this space name is correctly encoded however in the tree component given when you chose to move a page the destination space is name is not encoded properly. To reproduce. 1 Create a space called alert"Howdy"; 2 Create a page in another...

0.2AI score
Exploits0
Atlassian
Atlassian
•added 2009/03/19 4:15 p.m.•16 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0
Atlassian
Atlassian
•added 2009/02/26 12:44 a.m.•16 views

Impropper sanitisation of attachment filenames allows header injection

An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream...

4.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/20 12:41 a.m.•16 views

Redirect that works in 2.9 is broken in later Confluence versions

Adding a .jsp containing the following code will work in 2.9, but produces an exception in 2.10 when a parameter such as osdestination is supplied: code code Example URL: http://localhost:8080/confluence/login2.jsp?osdestination=%2Fdashboard.action Typical exception: quote...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
•added 2009/02/12 1:0 a.m.•16 views

Password is being logged for 500 errors

The user passwords are being exposed in the log files when a 500 error happens. The following Jira solved the problem for the information displayed in the user Browser: http://jira.atlassian.com/browse/CONF-12360...

0.7AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295