4295 matches found
DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Improper Authorization spring-security-crypto dependency in Bamboo Data Center
This High severity spring-security-crypto dependency vulnerability was introduced in versions 9.6.0, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an...
DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 7.19 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.4, 8.13.4, 8.14.3, 8.15.2, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score o...
Captcha doesn't work for page preview comment
Steps to reproduce: go to Configuration - Spam Prevention turn on Captcha for everyone create a page with image click the image to preview try to make a comment on the image Expected: User needs to enter the captcha to submit the comment Actual: User can submit the comment without entering the...
group normalisation from 4.0 upgrade tasks is breaking permissions
Group normalisation from 4.0 upgrade tasks is breaking permissions. Scenario: backup created for 3.1.7 instance, repo "repo-uppercase-access" configured with "GROUP-A" can read access backup file restored on 4.1 instance, I can see following messages in the upgrade log code$ grep -i renam...
Cannot sign commits and tags for Git Flow
The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...
users without "delete attachment permission" can delete attachment
go to space tools permissions and remove the permission of user X to delete attachments go to a page of that space which contains an attachment go to attachments no "delete" link available / expand an attachment to see older versionns including current version for each version there is the...
Remove old plugin manager
The old plugin manager is still available in confluence if you know the URL ../admin/viewplugins.action it looks quite terrible and given it is almost an unknown feature most of the current Confluence Team would not know to fix it if there are security problems with it. It was kept when we put UP...
Users with only View Space permission are able to edit Space Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46923. panel h2. Problem Summary Users are able to edit any Space Questions as long as they have View permissions for that spac...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...
Sensitive information displayed in anonymous REST API calls
h4. Expected behavior Block sensitive information from being displayed on anonymous REST API calls in JIRA. h4. Actual behavior Users' full-name are displayed when running the calls below: noformat /user/picker?query= /groupuserpicker?query=ali&showAvatar noformat Default fields and custom fields...
User receiving notification from a restricted space
h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...
OGNL Double Evaluation Vulnerability
We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...
Adding Subscription Cal by URL stores user password unencrypted
I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really no excuse for this. Subscribe to a calendar by url, then in the DB : code SELECT TOP 1000 ID ,KEY ,SUBCALENDARID ,VALUE FROM YOUR-DB-NAME.dbo.AO950DC3TCSUBCALSPROPS code As an...
Mail sever configuration page sends mail server password back in the html
The mail server configuration page fills in the current mail server password in the html and it should not. Instead a place-holder value should be used instead of the current password value and if the place-holder value is submitted in a request then the mail server password is not updated...
Session ID URL's in logfile
Hi, In the logfiles you can see the session ID's in the URL. Can this be used to hack into a another account?...
"Recently updated" plugin can be used to reflect arbitrary static content to browser
This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...
Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions
h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Browse through Confluence as anonymous Do a search h4.Expected Results: Results should not contain anything from Questions. h4.Actual Results: Results show Questions topics, but upon...
Can't push subtree
As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...
Hide passwords in ps aux for https git tasks
When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: noformat bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...
Direct Object Reference - User Information Disclosure
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious use...
Applink configuration data is exposed anonymously
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-38225. panel If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs an...
Content with inherited restrictions still appears in search results
I don't know the full story here but there have been numerous reports on EAC now of cases where clicking on a search result gives a 'Not permitted' response. Further investigation by an admin will show that in these cases a parent or grandparent has viewing restrictions applied. It would appear...
Privilege escalation
We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...
doeditdefaultspacepermissions.action vulnerable to CSRF
EditSpacePermissionDefaultsAction, execute...
Persistent XSS in Username field
The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" for HTML output. Known vulnerability points: When viewing a user's activity stream on their profile page When viewing the site-wide activity stream in the Administrative UI This...
Allow cookie-less instance for security reasons
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...
User receives an email even though they don't have access to the page where a task was unassigned
h3. Steps to reproduce: Find/Create a space that has restricted view access Create a page and assign a task to a user that doesn't have view access to the page. Save the page. User does not receive an email, and the task does not show up in the user's to-do correct behavior Edit the page and...
admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.
admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
LogToServer action lets anyone log messages to the server log
Available without authentication. This can be used to hide breakin attempts or fill the disk if no log rotation is in place...
Support web sudo and other password confirmation features with custom authenticators
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-22875. panel By default, web sudo and other password confirmation features in Confluence 3.5 and later are disabled if a custom...
Cross-Site Request Forgery
Cross-Site Request Forgery Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to Cross-Site Request Forgery attacks within this URL: /jira/plugins/servlet/streamscomments This vulnerability enables...
XSS vulnerability in Crucible's Snippets
We have identified and fixed a cross-site scripting XSS vulnerability in the Crucible Snippets. Affected versions are Crucible 2.4.5 to 2.5.0 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You can read more about XSS attack...
XSS vulnerability in Pagetree macro
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence pagetree macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:...
restrict the access to JIRA for specific pairs "user account - host"
to be able to restrict the access to JIRA for specific pairs "user account - host" also to provide: 1. specify checkbox user account - "any host" 2. specify multiple hosts for one user account 3. to use Windows AD containers such distribution groups and computer groups in tool of the coding of...
Can't set visibility on comment created via Activity Stream Gadget
I can't restrict the visibility of an comment created via the activity stream gadget. In our environment it is important for us to have this feature available everywhere where users are able to create comments on issues...
Property for enabling/disabling viewage of Jira administrators
As of JRA-21004, it also happened that the Administrator page does not show the administrators anymore. This patch is enables through one property in jira-atlassian.properties, and it resolves severall problems. We would prefer that there is a property like jira.administrators.show=true/false,...
Secure Administrator Sessions feature can be bypassed
In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3. This would allow an attacker to perform administrative functions on Confluenc...
XSS vulnerability in Clickr theme
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence Clickr theme. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An attacker...
XSS vulnerability in Clickr theme
We have identified and fixed a cross-site scripting XSS vulnerability in the Confluence Clickr theme. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An attacker...
Can not UPDATE the "Viewable By" field of an issue
After the creation of an issue it is by default viewable by "All Users". It is not possible to change the value after re-editing that issue. After changing it and clicking the "Update" button, the viewable by entry stays "All Users"...
Pluggable CAPTCHA
CAPTCHA should be pluggable in JIRA CAPTCHA|http://en.wikipedia.org/wiki/CAPTCHA is supposed to stop spam and other automated nefarious usage of systems. But there is an arms race of CAPTCHA breaking|http://www.slightlyshadyseo.com/index.php/xmcps-how-tobasic-captcha-cracking-techniques-part-1/ a...
Password strength measurement and restriction
Enable password strength rules to tell the user the effective strength of the password they choose optionally allow administrators to restrict the minimum strength of passwords chosen by users be pluggable Currently you can enforce password strength by using JIRA with Crowd...
XSS vulnerability in some JSPs under admin section
Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...
Only strings are encoded
The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...
runportleterror.jsp contains XSS hole
The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...
Custom fileds inconsistently escaped in view and edit screens
Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...
JQL breaks issue security levels based on custom fields
The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...