Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2013/07/28 1:59 a.m.16 views

XSS Vulnerability - delete filter confirmation

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-34074. panel Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choose...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2013/07/26 3:5 a.m.16 views

XSS vulnerabilities in Atlassian Answers

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47042. panel Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top pag...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 1:38 p.m.16 views

Turning off Anti-XSRF mode has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/08 1:5 p.m.16 views

Several XSS flaws in the /rest/tinymce/1

I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2013/04/15 3:54 a.m.16 views

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

2.2AI score
Exploits0
Atlassian
Atlassian
added 2013/03/21 12:48 a.m.16 views

Restrict access to personal pages and directory

We need to restrict access to personal pages and the directory. At present, there doesn't seem to be any way to do this. We have some guest accounts that we want to share a particular space with but unfortunately, we can not do that as all of the content in personal spaces and our directory are...

3.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/01/10 4:9 p.m.16 views

Customized variables whose values are hidden passwords are unmasked revealing the password in the build summary

Step to replicate Create two variables passworder and Passworder notice p with caps Run a customize build overridden the contents of the field While the fields remains hidden in the metadata as expected, the variable with capital P has it values revealed in the build summary see screenshot...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/12/24 2:23 a.m.16 views

XSS vulnerability in source tab configure project

Create a new group named "alert"XSS" 2. In the OnDemand administration section click Fisheye, then Configure to the right of the project name This vulnerability is due to an unescaped group.name parameter in projectrepositorypermissions.vm e.g...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/11/29 12:33 p.m.16 views

Fix XSS vulnerabilities in managereferrers.vm and importword.vm

Scope of this issue is to address two specific XSS vulnerabilies. The scope of fixing i18n parameters is tracked elsewhere|https://jira.atlassian.com/browse/CONF-15548. Please see the comment below for...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/10/04 5:33 a.m.16 views

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2012/08/27 4:6 p.m.16 views

Session ID and remember me cookie should expire when LDAP user password is changed

Steps to reproduce Login as a normal Confluence user In another browser or in incognito mode, login as system administrator Go to Confluence Admin Manage Users and click on the user Click Set Password and set a different password for this user Refresh the page and the user can still access the pa...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/31 9:7 a.m.16 views

ldap injection in the custom atlassian authentication code

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47275. panel The custom atlassian ldap authentication code is vulnerable to ldap injection. The method which is vulnerable to ld...

8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.16 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 5:34 a.m.16 views

ValidationHash generation should use random.SystemRandom instead of random class

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47146. panel ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a rando...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2012/07/27 1:56 a.m.16 views

Potential remote code execution due to embedding of old django-piston

The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of django-piston which does not contain the fix for a remote code execution bug due to the use of yaml.load instead of safeload in the emitters.py python scripton line 412. Whilst it appears...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/24 12:15 p.m.16 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/21 7:54 a.m.16 views

persistent xss through flash swf file attachment download

It is possible to upload a flash swf file which when the attachment 'download' url is visited the flash swf file is executed in the browser and as such can use ExternalInterface.call method to inject javascript defined in the swf file into the browser...

2.4AI score
Exploits0
Atlassian
Atlassian
added 2012/05/06 11:36 p.m.16 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/26 4:54 p.m.16 views

'/users/userpicker.action' exposes users loginids and full names in instance with anonymous access enabled

quote LDAP directory users and groups exposed via the /users/userpicker.action. There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior. quote quote The second exposed function that is part of this vulnerability is...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 4:35 a.m.16 views

admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.

admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/11 4:24 p.m.16 views

deletion of a comment with a security setting sends a notification to all watchers and the history tab

As a non-atlassian developer, I saw a deletion notification for a comment that I was restricted from viewing. That seems like a security leak. It would be annoying if we're trying to hide discussion from certain users for them to see that the discussion is happening at all, it would raise questio...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/07/14 1:8 p.m.16 views

Enumeration of usernames possible in Jira

We found enumeration of usernames to be possible in Jira 4.3.4 despite the login failure message not revealing whether it was the username or password that was incorrect. After 3 failed login attempts a captcha appears only if the user exists, otherwise not. This allows an attacker to enumerate t...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/06/29 5:37 p.m.16 views

On internal error, JIRA will display error information to the user (in the browser)

When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/05/06 8:26 p.m.16 views

When configured for Internal Database with LDAP for Authentication Only, Confluence does not check the LDAP when authenticating users

Configured Confluence to keep and manage users in its internal database, but to first try to use LDAP for authentication only, via the new interface. Debug output suggests Confluence is not bothering to check the LDAP at any point during the authentication process. More detail is available here:...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/11/03 3:44 a.m.16 views

Security Vulnerability in Confluence Remote API

We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...

2.5AI score
Exploits0
Atlassian
Atlassian
added 2010/10/05 5:37 a.m.16 views

XSS vulnerability in Office Connector

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence Office Connector. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/09/22 6:24 a.m.16 views

restrict the access to JIRA for specific pairs "user account - host"

to be able to restrict the access to JIRA for specific pairs "user account - host" also to provide: 1. specify checkbox user account - "any host" 2. specify multiple hosts for one user account 3. to use Windows AD containers such distribution groups and computer groups in tool of the coding of...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/08/02 5:14 a.m.16 views

Secure Administrator Sessions feature can be bypassed

In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3. This would allow an attacker to perform administrative functions on Confluenc...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/06/21 3:40 a.m.16 views

XSS vulnerability in PDF export

We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2010/05/31 6:58 a.m.16 views

WebSudo should be disabled in devmode

When confluence is started in dev mode, websudo should be disabled...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/05/20 3:13 a.m.16 views

Pluggable CAPTCHA

CAPTCHA should be pluggable in JIRA CAPTCHA|http://en.wikipedia.org/wiki/CAPTCHA is supposed to stop spam and other automated nefarious usage of systems. But there is an arms race of CAPTCHA breaking|http://www.slightlyshadyseo.com/index.php/xmcps-how-tobasic-captcha-cracking-techniques-part-1/ a...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 5:28 a.m.16 views

Only strings are encoded

The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 12:37 a.m.16 views

XSS vulnerability in search

An XSS vulnerability has been found in the searching component of Confluence...

1.5AI score
Exploits0
Atlassian
Atlassian
added 2010/04/16 4:34 a.m.16 views

Miscellaneous support-related JSPs contain XSS holes

JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are: groupnames.jsp indexbrowser.jsp...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/23 2:46 p.m.16 views

Allow non-Administrators to be able to modify workflows

As an IT Manager, by having to add users to the Administrators group in order to edit and manage workflows is prohibitive to the administration and security of our Jira environment. While I want users to create, manage and edit workflows, I do NOT want them creating or modifying accounts which...

3.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/16 1:0 a.m.16 views

Custom fileds inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/02/17 4:24 a.m.16 views

Changing system locale means users with non-ASCII characters in their passwords cannot authenticate

The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...

2.2AI score
Exploits0
Atlassian
Atlassian
added 2009/12/02 4:10 a.m.16 views

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/11/24 8:47 p.m.16 views

Watchers can be added to a project without having rights in that project

A user of Jira at our site has found that two people he added to watchers on this project were only members of the Jira Users group and had no rights in the project. Therefore Jira silently did not send any notifications and they did not receive the information that the original user thought they...

2AI score
Exploits0
Atlassian
Atlassian
added 2009/10/21 1:33 a.m.16 views

Confluence users should inherit permissions from the anonymous user

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-17278. panel This has been derived from CONF-4955|http://jira.atlassian.com/browse/CONF-4955. The above seems to have been fixe...

3.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/26 1:55 p.m.16 views

Add a password lockout feature

Confluence does not prevent someone from making a script that tries every possible password combination for a Confluence account. There should be an option to set a max attempts and then lock out the user from the system. This is obviously a security problem as Confluence within most companies us...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/18 1:18 a.m.16 views

XSS vulnerability can be exploited with the pagetree macro

Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/12 4:55 a.m.16 views

XSS bug when unfavouriting a dashboard

When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/07/24 5:42 a.m.16 views

Warn about assigning "Anyone" group in Global and Project permissions

Assigning anyone to global permissions such as a "Browse user" is a sure way to shoot yourself in the foot inadvertently. We make a vague mention of it in the documentation https://confluence.atlassian.com/display/JIRA/Managing+Global+Permissions quote if you wish to grant the permission to non...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/06/18 1:45 p.m.16 views

Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0

Confluence allows its users to specify a "Profile Picture," an image that appears on many pages related to the user. A user can either upload a custom image, or select one from a set provided by Confluence. Confluence uses the /users/doeditmyprofilepicture.action path to process requests to chang...

7.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/06/03 7:28 a.m.16 views

XSS vulnerability when moving page between spaces

You can create a space with HTML in the name. In most places this space name is correctly encoded however in the tree component given when you chose to move a page the destination space is name is not encoded properly. To reproduce. 1 Create a space called alert"Howdy"; 2 Create a page in another...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2009/04/21 1:39 p.m.16 views

Issue attachments, need a functionality of Security Schemes

In our JIRA instance both customers and developers have access to issues. We would like to have a security scheme functionality in connection to issue's attachments. In other words, we would like to attach a documentation which would not be visible to customers or other groups of JIRA users...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.16 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0
Atlassian
Atlassian
added 2008/11/13 3:49 a.m.16 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/11/07 12:35 a.m.16 views

Inserted image filenames are not escaped properly as thumbnails

When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...

0.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295