Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2010/05/20 3:13 a.m.15 views

Pluggable CAPTCHA

CAPTCHA should be pluggable in JIRA CAPTCHA|http://en.wikipedia.org/wiki/CAPTCHA is supposed to stop spam and other automated nefarious usage of systems. But there is an arms race of CAPTCHA breaking|http://www.slightlyshadyseo.com/index.php/xmcps-how-tobasic-captcha-cracking-techniques-part-1/ a...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 5:52 a.m.15 views

XSS vulnerability in some JSPs under admin section

Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/16 4:36 a.m.15 views

runportleterror.jsp contains XSS hole

The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/16 1:0 a.m.15 views

Custom fileds inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.15 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/12/07 3:45 a.m.15 views

KB "Running JIRA over SSL or HTTPS" needs review for Windows Standalone scenario

There are three recommended updates to the KB Running JIRA over SSL or HTTPS|http://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS based on customer feedback. 1. quote When asked to "What is your first and last name" make sure you enter in the DNS name that you will use to...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/08/12 6:33 p.m.15 views

Uploading large fonts for PDF export fails with XSRF error

When uploading souizhs.ttf font that we use due to its comprehensive UTF8 support, I'm getting XSRF validation error: quote Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page. quote I tried...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2009/06/26 2:5 a.m.15 views

XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/06/03 7:28 a.m.15 views

XSS vulnerability when moving page between spaces

You can create a space with HTML in the name. In most places this space name is correctly encoded however in the tree component given when you chose to move a page the destination space is name is not encoded properly. To reproduce. 1 Create a space called alert"Howdy"; 2 Create a page in another...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/04/21 1:39 p.m.15 views

Issue attachments, need a functionality of Security Schemes

In our JIRA instance both customers and developers have access to issues. We would like to have a security scheme functionality in connection to issue's attachments. In other words, we would like to attach a documentation which would not be visible to customers or other groups of JIRA users...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/10/03 8:58 p.m.15 views

Restrict anonymous users from viewing user profiles.

Even if I start Confluence with -Dconfluence.disable.peopledirectory.anonymous=true, it is still possible to browse individual users by visiting a URL like https://wikiBaseUrl/display/accountName. This is a major security problem for us because it exposes: 1. The user's name 2. The user's ID 3. T...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/07/12 2:44 p.m.15 views

Confluence breaks SSO integration (PATCH)

A long time ago when I wrote our authenticator for wikis.sun.com, I noticed that under some circumstances our SSO server didn't redirect back to wikis.sun.com correctly. It redirected to a confluence URI without specifying the host and the domain, which resulted in the browser ending up on our SS...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/07/03 4:7 p.m.15 views

Do not release details about securrity vulnerabilities until after the fix was available for a reasonable period of time

It is an unfortunate practice at Atlassian to as a part of release notes release all the information, often including example exploits|http://jira.atlassian.com/browse/CONF-9350, about security vulnerabilities that were fixed in the version being released. This gives us great headaches because: w...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/03/11 4:8 a.m.15 views

username not validated in add user to favourites action

Entering a bogus username here has the unwanted side effect of adding a bogus entity to your user favourites that can't be removed...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2008/02/19 3:16 p.m.15 views

ClassCastException reported when stopping JIRA

When stopping tomcat wich hosts only Jira, there is always such stack trace in tomcat logs: code 2008-02-18 19:25:32,767: ERROR Thread-33 - org.apache.catalina.core.ContainerBase.Catalina.localhost./jira.release - ApplicationFilterConfig.doAsPrivilege java.lang.ClassCastException:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/02/19 3:16 p.m.15 views

ClassCastException reported when stopping JIRA

When stopping tomcat wich hosts only Jira, there is always such stack trace in tomcat logs: code 2008-02-18 19:25:32,767: ERROR Thread-33 - org.apache.catalina.core.ContainerBase.Catalina.localhost./jira.release - ApplicationFilterConfig.doAsPrivilege java.lang.ClassCastException:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/09/25 9:12 p.m.15 views

Cross-site scripting vulnerability in 500page.jsp

The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack. The file 500page.jsp should escape the attributes and parameters to prevent code...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2007/07/17 12:59 a.m.15 views

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2007/07/17 12:51 a.m.15 views

Create patch to CONF-8877 for Confluence 2.5.4

Since this is a major security issue we need to create patches for older versions...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/12/12 7:27 a.m.14 views

Injection in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9287 was introduced in versions 1.0.4, 6.2.4, 7.0.0, and 7.1.0 of Crowd Data Cente...

9.1CVSS5.6AI score0.0047EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/10 4:5 a.m.14 views

DoS (Denial of Service) axios Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.7AI score0.01099EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/09 11:31 p.m.14 views

SSRF (Server Side Request Forgery) axios Dependency in Jira Software Data Center and Server

This High severity SSRF Server Side Request Forgery vulnerability known as CVE-2025-27152 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P allows a...

8.7CVSS6.3AI score0.00759EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/09 7:24 a.m.14 views

Prototype Pollution zrender Dependency in Jira Software Data Center and Server

This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability known as CVE-2021-39227 was introduced in 10.3.0, and 11.0.0 of Jira Software Data...

9.8CVSS9.4AI score0.01347EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/04 10:46 p.m.14 views

DoS (Denial of Service) minimatch Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-3517 was introduced in 10.3.13 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attack...

7.5CVSS6.7AI score0.01674EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/04 7:17 a.m.14 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Service Management Data Center and Server

This High severity Improper Authorization vulnerability was introduced in versions 11.01.1 and 11.1.1 of Jira Service Management Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacke...

7.5CVSS6.5AI score0.0046EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/03 10:10 a.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

8.2CVSS6.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 10:27 p.m.14 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Software Data Center and Server

This High severity Improper Authorization vulnerability was introduced in versions 11.01.1 and 11.1.1 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to expos...

7.5CVSS8.1AI score0.0046EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.14 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...

7.5CVSS6.6AI score0.02656EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.14 views

Information Disclosure com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity Information Disclosure vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N allows an unauthenticated attacker to expo...

7.2CVSS6.4AI score0.00432EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 p.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.12.5, 9.12.6, 9.12.7, 9.12.8, 9.12.9, 9.12.10, 9.12.11, 9.12.12, 9.12.13, 9.12.14, 9.12.15, 9.12.16, 9.12.17, 9.12.18, 9.12.19, 9.12.22, 9.12.23, 9.12.24, 9.12.25,...

8.2CVSS5.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

SSRF (Server-Side Request Forgery) in Confluence Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability known as CVE-2024-29415 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated attacker t...

8.1CVSS6.9AI score0.08279EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587

This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.02267EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.14 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24785

This High severity vulnerability known as CVE-2022-24785 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.05664EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 5:27 a.m.14 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.01613EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:28 p.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-4068

This High severity vulnerability known as CVE-2024-4068 was introduced in 3.0.2, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.01471EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-55163

This High severity vulnerability known as CVE-2025-55163 was introduced in 3.3.1, 3.5.0, 3.6.0, 8.18.0, 9.1.0, 9.0.1, 9.2.0, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 10.0.0, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.11 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a...

8.2CVSS6.5AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.14 views

Open Redirect Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-26159

This High severity vulnerability known as CVE-2023-26159 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

7.3CVSS6.8AI score0.00797EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 9:8 a.m.14 views

DoS (Denial of Service) org.apache.tomcat:tomcat-util Dependency Vulnerability in Bamboo Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-52434 was introduced in 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.6.5, 9.6.6, 9.6.7, 9.6.8, 10.2.0, 9.6.9, 9.6.10, 10.2.1, 10.2.2, 10.2.3, 9.6.11, 9.6.12, 10.2.4, 9.6.13, 9.6.14, 10.2.5, 10.2.6, 9.6.15, 10.2.7 of Bamboo Data Center and...

7.5CVSS7.8AI score0.01819EPSS
Exploits0
Atlassian
Atlassian
added 2016/11/28 3:58 a.m.14 views

Update atlassian-gadgets in JIRA Server to fix AG-1502

Now that https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets to a version that contains a fix for it. In this case JIRA Server would update atlassian-gadgets to a version = 4.2.14...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/14 7:2 p.m.14 views

123

STR: 1/ Go to discount calculetor http://www.nibulon.com/data/zakupivlya-silgospprodukcii/kalkulyator-znizhok.html 2. Enter value '9999999999999999999999999999999999999999999999999999999999999999' into 'Виберіть показник вологості' file Enter some vald value 'Виберіть показник сміттєвої домішки' ...

7.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/01/07 11:30 a.m.14 views

Stronger algorithm used to digest instance admin password

Let's use PKCS5S2...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/10/21 5:33 p.m.14 views

Bad performance noticed on issues with long history

Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no history and on an issue with a long history. I enabled Profiling on JIRA to check the difference: Example 1: Issue with 858 entries on history: noformat 2015-10-21...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.14 views

Make categories in Space Directory visible only to users who can access the spaces

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-34136. panel Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.14 views

Make categories in Space Directory visible only to users who can access the spaces

Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.14 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.14 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/07/30 11:51 a.m.14 views

Better error handling when changing password with LDAP connected

When configuring JIRA to connect to LDAP directory with Read/Write permission, user could encounter such error as the following when trying to change their password. This error will be thrown when the LDAP directory has a certain password restrictions and the user input the password which does no...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/07/26 3:5 a.m.14 views

XSS vulnerabilities in Atlassian Answers

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47042. panel Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top page...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/12/24 2:23 a.m.14 views

XSS vulnerability in source tab configure project

Create a new group named "alert"XSS" 2. In the OnDemand administration section click Fisheye, then Configure to the right of the project name This vulnerability is due to an unescaped group.name parameter in projectrepositorypermissions.vm e.g...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/03 11:31 a.m.14 views

Turning off Anti-XSRF protection for comments has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off verified that the setting is saved in the BANDANA table, adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...

0.5AI score
Exploits0
Total number of security vulnerabilities4295