Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2007/03/07 9:2 p.m.16 views

Project Role Modifications not reflected in Issue Security Scheme

If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2006/08/22 7:36 a.m.16 views

publically available usernames are a security risk

The login username of users is revealed all over the place in URLs that link to user profile, or user's list of assigned open bugs etc. This seems to be a big security risk, because you have given away half of the user identification to strangers. Anybody can look up a user in the issue tracker a...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2006/03/27 1:9 a.m.16 views

Don't send any notifications to disabled users

Once a user is disabled, they should not receive any notifications...

2.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/06/24 6:21 a.m.16 views

"Change password" facility modify only a password in a local database, not in LDAP.

If jira is configured to use Ldap authentification and user change its password, Jira checks current password in ldap, but modify password in local database only. I think, the correct behaviour is to change both passwords -- in ldap, because this is the one which is realy used, and in local...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2004/12/01 11:15 p.m.16 views

Manage authentication for NTLM proxies

We want to access RRS content internally, but we are using a secured proxy requiring authentication via NTLM or user/password. We setted up the standard Java proxies properties: http.proxyHost, http.proxyPort and http.auth.ntlm.domain. But it seams that the http.auth.ntlm.domain properties does n...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/02/11 4:29 p.m.15 views

DoS (Denial of Service) ua-parser-js Dependency in Jira Software Data Center

This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5...

7.5CVSS7.2AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2026/02/11 4:28 p.m.15 views

DoS (Denial of Service) semver Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-25883 was introduced in versions 9.4.16 and 10.1.1 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS5.7AI score0.02761EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/12 7:27 a.m.15 views

SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of...

8.7CVSS7AI score0.00759EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/12 7:27 a.m.15 views

Injection in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9287 was introduced in versions 1.0.4, 6.2.4, 7.0.0, and 7.1.0 of Crowd Data Cente...

9.1CVSS5.6AI score0.0047EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/12 7:27 a.m.15 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Bamboo Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 9.6.1, 10.2.0 of Bamboo Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of: code:java...

8.2CVSS7.3AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/04 6:27 a.m.15 views

DoS (Denial of Service) axios Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

7.5CVSS6.1AI score0.01099EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/04 3:28 a.m.15 views

Prototype Pollution loadash.pick Dependency Vulnerability in Jira Software Data Center and Server

This High severity Prototype Pollution vulnerability known as CVE-2020-8203 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H allows an unauthenticated attacker to take...

7.4CVSS7AI score0.05213EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 10:27 p.m.15 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service Dependency vulnerability, known as CVE-2024-7254, was introduced in version 8.9.0 of Bitbucket Data Center and Server. This vulnerability, with a CVSS Score of 8.7 and a vector of...

8.7CVSS7.6AI score0.02772EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.15 views

Information Disclosure com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity Information Disclosure vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N allows an unauthenticated attacker to expo...

7.2CVSS6.4AI score0.00453EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.15 views

Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24772

This High severity vulnerability known as CVE-2022-24772 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.01015EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.15 views

RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-45133

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.3CVSS6.8AI score0.0052EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-31129

This High severity vulnerability known as CVE-2022-31129 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.04923EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.15 views

Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-48734

This High severity vulnerability known as CVE-2025-48734 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 9.4.0, 9.4.8, 8.19.21 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS6.8AI score0.01548EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 5:27 a.m.15 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-29415

This High severity vulnerability known as CVE-2024-29415 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.1 and a CV...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.15 views

Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-8203

This High severity vulnerability known as CVE-2020-8203 was introduced in 4.4.0, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.4 an...

7.4CVSS6.8AI score0.05213EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-25710

This High severity vulnerability known as CVE-2024-25710 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

8.1CVSS6.8AI score0.00441EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/13 12:10 a.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-21538

This High severity vulnerability known as CVE-2024-21538 was introduced in 6.0.5, 7.0.3, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 9.4.0, 8.19.12, 8.19.13, 9.4.1, 9.4.2, 8.19.14, 9.4.3, 8.19.15 of Bitbucket Data Center and Server. This...

8.7CVSS6.8AI score0.00873EPSS
Exploits0
Atlassian
Atlassian
added 2025/09/17 3:9 a.m.15 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS6.8AI score0.03389EPSS
Exploits0
Atlassian
Atlassian
added 2025/08/12 12:35 p.m.15 views

DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.0196EPSS
Exploits0
Atlassian
Atlassian
added 2025/08/07 7:9 a.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS7.1AI score0.01898EPSS
Exploits0
Atlassian
Atlassian
added 2025/08/07 7:8 a.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS7.2AI score0.0196EPSS
Exploits0
Atlassian
Atlassian
added 2025/06/06 5:8 a.m.15 views

Improper Authorization spring-security-crypto dependency in Bamboo Data Center

This High severity spring-security-crypto dependency vulnerability was introduced in versions 9.6.0, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an...

7.4CVSS7.4AI score0.00568EPSS
Exploits0
Atlassian
Atlassian
added 2025/05/22 11:8 p.m.15 views

DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 7.19 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

7.5CVSS7.3AI score0.01119EPSS
Exploits1
Atlassian
Atlassian
added 2025/05/14 5:9 a.m.15 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.4, 8.13.4, 8.14.3, 8.15.2, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score o...

7.5CVSS6.8AI score0.02112EPSS
Exploits1
Atlassian
Atlassian
added 2018/11/12 3:39 a.m.15 views

Captcha doesn't work for page preview comment

Steps to reproduce: go to Configuration - Spam Prevention turn on Captcha for everyone create a page with image click the image to preview try to make a comment on the image Expected: User needs to enter the captcha to submit the comment Actual: User can submit the comment without entering the...

7.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/06/14 12:29 p.m.15 views

group normalisation from 4.0 upgrade tasks is breaking permissions

Group normalisation from 4.0 upgrade tasks is breaking permissions. Scenario: backup created for 3.1.7 instance, repo "repo-uppercase-access" configured with "GROUP-A" can read access backup file restored on 4.1 instance, I can see following messages in the upgrade log code$ grep -i renam...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/05/20 9:54 a.m.15 views

Cannot sign commits and tags for Git Flow

The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/04/22 2:13 p.m.15 views

users without "delete attachment permission" can delete attachment

go to space tools permissions and remove the permission of user X to delete attachments go to a page of that space which contains an attachment go to attachments no "delete" link available / expand an attachment to see older versionns including current version for each version there is the...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/10/21 5:33 p.m.15 views

Bad performance noticed on issues with long history

Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no history and on an issue with a long history. I enabled Profiling on JIRA to check the difference: Example 1: Issue with 858 entries on history: noformat 2015-10-21...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/04 10:6 p.m.15 views

Remove old plugin manager

The old plugin manager is still available in confluence if you know the URL ../admin/viewplugins.action it looks quite terrible and given it is almost an unknown feature most of the current Confluence Team would not know to fix it if there are security problems with it. It was kept when we put UP...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/03 8:28 a.m.15 views

XSS in JIRA via PDF attachment

PDF attachments are considered active content and can be used to xss users...

3.2AI score
Exploits0
Atlassian
Atlassian
added 2015/01/13 9:50 a.m.15 views

User receiving notification from a restricted space

h6. Steps to replicate Download Confluence 5.5.2. Create an user "test". Create a group "testing". Add the user "test" into group "testing". Create a space name "Permission". Restrict the space to group "testing". Access Confluence as user "Test". Access the page name "Permission" and watch the...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/01/09 12:26 a.m.15 views

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...

2.8AI score
Exploits0
Atlassian
Atlassian
added 2014/10/14 5:42 p.m.15 views

Adding Subscription Cal by URL stores user password unencrypted

I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really no excuse for this. Subscribe to a calendar by url, then in the DB : code SELECT TOP 1000 ID ,KEY ,SUBCALENDARID ,VALUE FROM YOUR-DB-NAME.dbo.AO950DC3TCSUBCALSPROPS code As an...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/14 3:23 a.m.15 views

Mail sever configuration page sends mail server password back in the html

The mail server configuration page fills in the current mail server password in the html and it should not. Instead a place-holder value should be used instead of the current password value and if the place-holder value is submitted in a request then the mail server password is not updated...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2014/10/08 7:14 a.m.15 views

Session ID URL's in logfile

Hi, In the logfiles you can see the session ID's in the URL. Can this be used to hack into a another account?...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/07 4:8 a.m.15 views

"Recently updated" plugin can be used to reflect arbitrary static content to browser

This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/01 1:24 a.m.15 views

Confluence search returns results from Questions, eventhough CQ does not have anonymous "can-use" permissions

h4.Steps to Reproduce: Install CQ "1.0.618" or "1.0.618.001" Make sure that CQ does not have anonymous access Browse through Confluence as anonymous Do a search h4.Expected Results: Results should not contain anything from Questions. h4.Actual Results: Results show Questions topics, but upon...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/08 8:1 p.m.15 views

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.15 views

Make categories in Space Directory visible only to users who can access the spaces

Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/10 7:12 p.m.15 views

Hide passwords in ps aux for https git tasks

When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: noformat bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...

Exploits0Affected Software1
Atlassian
Atlassian
added 2014/05/26 11:49 a.m.15 views

Direct Object Reference - User Information Disclosure

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46864. panel A direct object reference vulnerability exists on the answers.atlassian.com platform which allows for malicious use...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2014/05/08 7:34 a.m.15 views

Applink configuration data is exposed anonymously

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-38225. panel If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info , the instance will tell you all the names, IDs an...

7.3AI score
Exploits0
Atlassian
Atlassian
added 2014/01/01 11:26 p.m.15 views

Content with inherited restrictions still appears in search results

I don't know the full story here but there have been numerous reports on EAC now of cases where clicking on a search result gives a 'Not permitted' response. Further investigation by an admin will show that in these cases a parent or grandparent has viewing restrictions applied. It would appear...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/21 4:35 a.m.15 views

Privilege escalation

We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...

3AI score
Exploits0
Total number of security vulnerabilities4295