4295 matches found
Project Role Modifications not reflected in Issue Security Scheme
If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...
publically available usernames are a security risk
The login username of users is revealed all over the place in URLs that link to user profile, or user's list of assigned open bugs etc. This seems to be a big security risk, because you have given away half of the user identification to strangers. Anybody can look up a user in the issue tracker a...
Don't send any notifications to disabled users
Once a user is disabled, they should not receive any notifications...
"Change password" facility modify only a password in a local database, not in LDAP.
If jira is configured to use Ldap authentification and user change its password, Jira checks current password in ldap, but modify password in local database only. I think, the correct behaviour is to change both passwords -- in ldap, because this is the one which is realy used, and in local...
Manage authentication for NTLM proxies
We want to access RRS content internally, but we are using a secured proxy requiring authentication via NTLM or user/password. We setted up the standard Java proxies properties: http.proxyHost, http.proxyPort and http.auth.ntlm.domain. But it seams that the http.auth.ntlm.domain properties does n...
DoS (Denial of Service) ua-parser-js Dependency in Jira Software Data Center
This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) semver Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2022-25883 was introduced in versions 9.4.16 and 10.1.1 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center and Server
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of...
Injection in Crowd Data Center and Server
This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9287 was introduced in versions 1.0.4, 6.2.4, 7.0.0, and 7.1.0 of Crowd Data Cente...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Bamboo Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in versions 9.6.1, 10.2.0 of Bamboo Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of: code:java...
DoS (Denial of Service) axios Dependency in Jira Software Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
Prototype Pollution loadash.pick Dependency Vulnerability in Jira Software Data Center and Server
This High severity Prototype Pollution vulnerability known as CVE-2020-8203 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H allows an unauthenticated attacker to take...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service Dependency vulnerability, known as CVE-2024-7254, was introduced in version 8.9.0 of Bitbucket Data Center and Server. This vulnerability, with a CVSS Score of 8.7 and a vector of...
Information Disclosure com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity Information Disclosure vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N allows an unauthenticated attacker to expo...
Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24772
This High severity vulnerability known as CVE-2022-24772 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-45133
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-31129
This High severity vulnerability known as CVE-2022-31129 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-48734
This High severity vulnerability known as CVE-2025-48734 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 9.4.0, 9.4.8, 8.19.21 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.8 and a CVSS Vector of...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-29415
This High severity vulnerability known as CVE-2024-29415 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.1 and a CV...
Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-8203
This High severity vulnerability known as CVE-2020-8203 was introduced in 4.4.0, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.4 an...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-25710
This High severity vulnerability known as CVE-2024-25710 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-21538
This High severity vulnerability known as CVE-2024-21538 was introduced in 6.0.5, 7.0.3, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 9.4.0, 8.19.12, 8.19.13, 9.4.1, 9.4.2, 8.19.14, 9.4.3, 8.19.15 of Bitbucket Data Center and Server. This...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Improper Authorization spring-security-crypto dependency in Bamboo Data Center
This High severity spring-security-crypto dependency vulnerability was introduced in versions 9.6.0, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an...
DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 7.19 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.4, 8.13.4, 8.14.3, 8.15.2, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score o...
Captcha doesn't work for page preview comment
Steps to reproduce: go to Configuration - Spam Prevention turn on Captcha for everyone create a page with image click the image to preview try to make a comment on the image Expected: User needs to enter the captcha to submit the comment Actual: User can submit the comment without entering the...
group normalisation from 4.0 upgrade tasks is breaking permissions
Group normalisation from 4.0 upgrade tasks is breaking permissions. Scenario: backup created for 3.1.7 instance, repo "repo-uppercase-access" configured with "GROUP-A" can read access backup file restored on 4.1 instance, I can see following messages in the upgrade log code$ grep -i renam...
Cannot sign commits and tags for Git Flow
The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...
users without "delete attachment permission" can delete attachment
go to space tools permissions and remove the permission of user X to delete attachments go to a page of that space which contains an attachment go to attachments no "delete" link available / expand an attachment to see older versionns including current version for each version there is the...
Bad performance noticed on issues with long history
Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no history and on an issue with a long history. I enabled Profiling on JIRA to check the difference: Example 1: Issue with 858 entries on history: noformat 2015-10-21...
Remove old plugin manager
The old plugin manager is still available in confluence if you know the URL ../admin/viewplugins.action it looks quite terrible and given it is almost an unknown feature most of the current Confluence Team would not know to fix it if there are security problems with it. It was kept when we put UP...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...
User receiving notification from a restricted space
h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...
OGNL Double Evaluation Vulnerability
We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...
Adding Subscription Cal by URL stores user password unencrypted
I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really no excuse for this. Subscribe to a calendar by url, then in the DB : code SELECT TOP 1000 ID ,KEY ,SUBCALENDARID ,VALUE FROM YOUR-DB-NAME.dbo.AO950DC3TCSUBCALSPROPS code As an...
Mail sever configuration page sends mail server password back in the html
The mail server configuration page fills in the current mail server password in the html and it should not. Instead a place-holder value should be used instead of the current password value and if the place-holder value is submitted in a request then the mail server password is not updated...
Session ID URL's in logfile
Hi, In the logfiles you can see the session ID's in the URL. Can this be used to hack into a another account?...
"Recently updated" plugin can be used to reflect arbitrary static content to browser
This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...
Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions
h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Browse through Confluence as anonymous Do a search h4.Expected Results: Results should not contain anything from Questions. h4.Actual Results: Results show Questions topics, but upon...
Can't push subtree
As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...
Make categories in Space Directory visible only to users who can access the spaces
Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...
Hide passwords in ps aux for https git tasks
When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: noformat bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...
Direct Object Reference - User Information Disclosure
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious use...
Applink configuration data is exposed anonymously
panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-38225. panel If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs an...
Content with inherited restrictions still appears in search results
I don't know the full story here but there have been numerous reports on EAC now of cases where clicking on a search result gives a 'Not permitted' response. Further investigation by an admin will show that in these cases a parent or grandparent has viewing restrictions applied. It would appear...
Privilege escalation
We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...