Lucene search
K
AtlassianMost viewed

4295 matches found

Atlassian
Atlassian
added 2008/02/19 3:16 p.m.15 views

ClassCastException reported when stopping JIRA

When stopping tomcat wich hosts only Jira, there is always such stack trace in tomcat logs: code 2008-02-18 19:25:32,767: ERROR Thread-33 - org.apache.catalina.core.ContainerBase.Catalina.localhost./jira.release - ApplicationFilterConfig.doAsPrivilege java.lang.ClassCastException:...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/02/07 6:4 a.m.15 views

Trusted authentication doesn't work for Confluence users with uppercase usernames

Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: quote 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/09/25 9:12 p.m.15 views

Cross-site scripting vulnerability in 500page.jsp

The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack. The file 500page.jsp should escape the attributes and parameters to prevent code...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2007/07/19 8:31 p.m.15 views

stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action

Description: Stored XSS via page app/themes/leftnavigation/configuretheme.action?key= Exploit: Example value in the Naviagtion Page field: "aletrdocument.cookiex x="...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/17 5:54 p.m.15 views

Permissions at field level

I would like to be able to limit what users roles are able to modify individual fields. For example, I only want to allow particular people project managers to be able to select a fix version in an issue. However, it seems that any user who can edit an issue, including the reporter, can set the...

2.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/07/17 12:59 a.m.15 views

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2007/07/17 12:51 a.m.15 views

Create patch to CONF-8877 for Confluence 2.5.4

Since this is a major security issue we need to create patches for older versions...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/07 9:2 p.m.15 views

Project Role Modifications not reflected in Issue Security Scheme

If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/06/24 6:21 a.m.15 views

"Change password" facility modify only a password in a local database, not in LDAP.

If jira is configured to use Ldap authentification and user change its password, Jira checks current password in ldap, but modify password in local database only. I think, the correct behaviour is to change both passwords -- in ldap, because this is the one which is realy used, and in local...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2005/02/10 3:49 p.m.15 views

Logon with wrong user/password gives 'weird' errorpage.

Error screen after wrong login is 'weird'...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/12/12 7:27 a.m.14 views

Injection in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9287 was introduced in versions 1.0.4, 6.2.4, 7.0.0, and 7.1.0 of Crowd Data Cente...

9.1CVSS5.6AI score0.0047EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/10 4:5 a.m.14 views

DoS (Denial of Service) axios Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.7AI score0.01099EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/09 11:31 p.m.14 views

SSRF (Server Side Request Forgery) axios Dependency in Jira Software Data Center and Server

This High severity SSRF Server Side Request Forgery vulnerability known as CVE-2025-27152 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P allows a...

8.7CVSS6.3AI score0.00759EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/09 7:24 a.m.14 views

Prototype Pollution zrender Dependency in Jira Software Data Center and Server

This is a vulnerability in a non-Atlassian Jira Software dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability known as CVE-2021-39227 was introduced in 10.3.0, and 11.0.0 of Jira Software Data...

9.8CVSS9.4AI score0.01347EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/04 10:46 p.m.14 views

DoS (Denial of Service) minimatch Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-3517 was introduced in 10.3.13 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attack...

7.5CVSS6.7AI score0.01674EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/04 7:17 a.m.14 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Service Management Data Center and Server

This High severity Improper Authorization vulnerability was introduced in versions 11.01.1 and 11.1.1 of Jira Service Management Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacke...

7.5CVSS6.5AI score0.0046EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/03 10:10 a.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

8.2CVSS6.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 10:27 p.m.14 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Jira Software Data Center and Server

This High severity Improper Authorization vulnerability was introduced in versions 11.01.1 and 11.1.1 of Jira Software Data Center and Server. This vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to expos...

7.5CVSS8.1AI score0.0046EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.14 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...

7.5CVSS6.6AI score0.02656EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.14 views

Information Disclosure com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity Information Disclosure vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N allows an unauthenticated attacker to expo...

7.2CVSS6.4AI score0.00432EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 p.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.12.5, 9.12.6, 9.12.7, 9.12.8, 9.12.9, 9.12.10, 9.12.11, 9.12.12, 9.12.13, 9.12.14, 9.12.15, 9.12.16, 9.12.17, 9.12.18, 9.12.19, 9.12.22, 9.12.23, 9.12.24, 9.12.25,...

8.2CVSS5.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

SSRF (Server-Side Request Forgery) in Confluence Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability known as CVE-2024-29415 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated attacker t...

8.1CVSS6.9AI score0.08279EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587

This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.02267EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.14 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24785

This High severity vulnerability known as CVE-2022-24785 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.05664EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 5:27 a.m.14 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.01613EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:28 p.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-4068

This High severity vulnerability known as CVE-2024-4068 was introduced in 3.0.2, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.01471EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-55163

This High severity vulnerability known as CVE-2025-55163 was introduced in 3.3.1, 3.5.0, 3.6.0, 8.18.0, 9.1.0, 9.0.1, 9.2.0, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 10.0.0, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.11 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a...

8.2CVSS6.5AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/13 11:27 p.m.14 views

Open Redirect Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-26159

This High severity vulnerability known as CVE-2023-26159 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

7.3CVSS6.8AI score0.00797EPSS
Exploits1
Atlassian
Atlassian
added 2025/05/14 5:9 a.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.4, 8.13.4, 8.14.3, 8.15.2, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score o...

7.5CVSS6.8AI score0.01966EPSS
Exploits1
Atlassian
Atlassian
added 2016/11/28 3:58 a.m.14 views

Update atlassian-gadgets in JIRA Server to fix AG-1502

Now that https://ecosystem.atlassian.net/browse/AG-1502 has been fixed, upgrade atlassian-gadgets to a version that contains a fix for it. In this case JIRA Server would update atlassian-gadgets to a version = 4.2.14...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/11/14 7:2 p.m.14 views

123

STR: 1/ Go to discount calculetor http://www.nibulon.com/data/zakupivlya-silgospprodukcii/kalkulyator-znizhok.html 2. Enter value '9999999999999999999999999999999999999999999999999999999999999999' into 'Виберіть показник вологості' file Enter some vald value 'Виберіть показник сміттєвої домішки' ...

7.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/01/07 11:30 a.m.14 views

Stronger algorithm used to digest instance admin password

Let's use PKCS5S2...

2.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/03 8:28 a.m.14 views

XSS in JIRA via PDF attachment

PDF attachments are considered active content and can be used to xss users...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/10/08 7:14 a.m.14 views

Session ID URL's in logfile

Hi, In the logfiles you can see the session ID's in the URL. Can this be used to hack into a another account?...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.14 views

Make categories in Space Directory visible only to users who can access the spaces

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-34136. panel Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/01 6:2 p.m.14 views

Make categories in Space Directory visible only to users who can access the spaces

Anonymous users can see a list of categories in the Space Directory, even though they don't see the spaces...

3.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.14 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.14 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0
Atlassian
Atlassian
added 2013/07/26 3:5 a.m.14 views

XSS vulnerabilities in Atlassian Answers

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47042. panel Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top page...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/06/20 8:12 a.m.14 views

Allow cookie-less instance for security reasons

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/08 1:5 p.m.14 views

Several XSS flaws in the /rest/tinymce/1

I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...

0.9AI score
Exploits0
Atlassian
Atlassian
added 2013/03/04 11:16 p.m.14 views

User receives an email even though they don't have access to the page where a task was unassigned

h3. Steps to reproduce: Find/Create a space that has restricted view access Create a page and assign a task to a user that doesn't have view access to the page. Save the page. User does not receive an email, and the task does not show up in the user's to-do correct behavior Edit the page and...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/12/24 2:23 a.m.14 views

XSS vulnerability in source tab configure project

Create a new group named "alert"XSS" 2. In the OnDemand administration section click Fisheye, then Configure to the right of the project name This vulnerability is due to an unescaped group.name parameter in projectrepositorypermissions.vm e.g...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/03 11:31 a.m.14 views

Turning off Anti-XSRF protection for comments has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off verified that the setting is saved in the BANDANA table, adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2012/05/24 12:15 p.m.14 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/11 4:24 p.m.14 views

deletion of a comment with a security setting sends a notification to all watchers and the history tab

As a non-atlassian developer, I saw a deletion notification for a comment that I was restricted from viewing. That seems like a security leak. It would be annoying if we're trying to hide discussion from certain users for them to see that the discussion is happening at all, it would raise questio...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/01/12 1:54 p.m.14 views

LogToServer action lets anyone log messages to the server log

Available without authentication. This can be used to hide breakin attempts or fill the disk if no log rotation is in place...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/07/22 4:46 a.m.14 views

Enable X-FRAME-Options header to implement clickjacking protection

TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current HTTP headers do not contain the X-FRAME-Option, which helps prevents against Clickjacking attacks. A Clickjacking attack is similar to CSRF in which attacker can hijack a...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/07/09 1:35 a.m.14 views

Support web sudo and other password confirmation features with custom authenticators

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-22875. panel By default, web sudo and other password confirmation features in Confluence 3.5 and later are disabled if a custom...

Exploits0Affected Software1
Atlassian
Atlassian
added 2011/06/29 5:37 p.m.14 views

On internal error, JIRA will display error information to the user (in the browser)

When JIRA bundled tomcat?? encounters an internal error it displays error information to the user in the browser. This can leak internal, possibly sensitive, information. It should report that there was an error and inform the user to contact their JIRA admin...

3.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities4295