4295 matches found
User can upload attachments to restricted pages that adopt restrictions from parent page
Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...
deletion of a comment with a security setting sends a notification to all watchers and the history tab
As a non-atlassian developer, I saw a deletion notification for a comment that I was restricted from viewing. That seems like a security leak. It would be annoying if we're trying to hide discussion from certain users for them to see that the discussion is happening at all, it would raise questio...
Enable X-FRAME-Options header to implement clickjacking protection
TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. --- Description: Current HTTP headers do not contain the X-FRAME-Option, which helps prevents against Clickjacking attacks. A Clickjacking attack is similar to CSRF in which attacker can hijack a...
Make captcha harder, or allow configuration of captcha difficulty, in order to prevent sophisticated spam attacks
Every day we get a load of automated anonymous comment spam on our confluence pages. It seems that the captcha is too easy. Please can you implement an easily configurable mechanism for making captchas that are harder for spam bots...
XSRF vulnerability in the Mail Page plugin
We have identified and fixed a cross-site request forgery XSRF vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Mail Page plugin. Note that the Mail Page plugin is disabled by default. If you do not have this plugin...
Path traversal vulnerability in various Confluence actions
We have identified and fixed a path traversal vulnerability in various Confluence actions. By exploiting a path traversal vulnerability, attackers can retrieve any file on the server that is running Confluence, based on the permissions of the user under which Confluence is running. Path traversal...
Can not UPDATE the "Viewable By" field of an issue
After the creation of an issue it is by default viewable by "All Users". It is not possible to change the value after re-editing that issue. After changing it and clicking the "Update" button, the viewable by entry stays "All Users"...
A link to Re-Indexing is visible to users even if they are not sys admin
I saw this on EACJ where I am not a sys admin quote XXXX made configuration changes in section 'Custom Fields' at 01/Feb/10 1:16 PM. It is recommended that you perform a re-index. For more information, please click the Help icon. To perform the re-index now, please go to the 'Indexing' section...
CAPTCHA Option Should Exist for The Password Reset Form
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-20150. panel The password reset prompt allows an individual to reset any user's password. My company uses a standard employee id to use for...
Warn about assigning "Anyone" group in Global and Project permissions
Assigning anyone to global permissions such as a "Browse user" is a sure way to shoot yourself in the foot inadvertently. We make a vague mention of it in the documentation https://confluence.atlassian.com/display/JIRA/Managing+Global+Permissions quote if you wish to grant the permission to non...
Allow Site Admin to discover restricted pages
A customer mentioned that this functionality is important to have for automation and integration purposes. Currently confluence-administrators are not able to discover restricted pages, despite of their ability to access ie. read the page if they know the url. The customer argued that "this makes...
XSS in concurrent edit notification
If a page is being editted by noformat alert'hacked' noformat and another user edits it at the same time, they are vulnerable to a potential XSS attack...
XSS vulnerability can be exploited with the viewppt macro
Upload a file test.ppt Use markup: noformatviewppt:test.ppt|height=alert"xss"|width=alert"xss"noformat The scripts will be executed when the page is loaded...
Import Pages is not restricted to system admins
The Import pages actions is currently restricted to space admins not system admins like it should. Caused by CONF-10039...
Boolean operators on user and group management
Please consider this as a feature request for a future release of Confluence. Boolean operands on Space permissions would be awesome. E.g. setup a Space that people in the LDAP group STAFF and the LDAP group Biosciences were the only people that were able to view/edit/add/etc - otherwise I have t...
XSS in site search action
http://confluence.atlassian.com/dosearchsite.action?where=confall&queryString=%3Cscript%3Ealert'foo';%3C/script%3E queryString needs to be escaped. This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default...
Do not release details about securrity vulnerabilities until after the fix was available for a reasonable period of time
It is an unfortunate practice at Atlassian to as a part of release notes release all the information, often including example exploits|http://jira.atlassian.com/browse/CONF-9350, about security vulnerabilities that were fixed in the version being released. This gives us great headaches because: w...
Fix the seraph.os.cookie from failing on Tomcat by upgrading atlassian-seraph
Once SER-117 has been fixed, incorporate the changes into JIRA see the linked issue for a full description of the problem. Note that this only affects Tomcat users; Resin and Orion do not appear to be affected. User Symptoms: Users have checked the "Remember my login on this computer" checkbox al...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...
Enhance Seraph SSO support to create users automatically
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-4299. panel Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0,...
Insecure Deserialization kind-of Dependency in Crowd Data Center and Server
This High severity Insecure Deserialization vulnerability was introduced in versions 2.0.1, 3.2.2, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center and Server. This Insecure Deserialization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allow...
DoS (Denial of Service) org.codehaus.jettison:jettison Dependency Vulnerability in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2022-4569 was introduced in 5.12.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacke...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-core Dependency Vulnerability in Crowd Data Center and Server
This High severity Improper Authorization vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency Vulnerability in Crowd Data Center
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expose assets in...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency Vulnerability in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
DoS (Denial of Service) io.netty:netty-codec-http2 Dependency Vulnerability in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker ...
File Inclusion tar-fs Dependency in Confluence Data Center and Server
This High severity File Inclusion vulnerability known as CVE-2024-12905 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker to expose assets in...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.6.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Browsing serverInfo anonymously gives version number information
h3. Issue Summary Browsing serverInfo anonymously gives version number information h3. Steps to Reproduce curl https:///rest/api/2/serverInfo navigate to https:///rest/api/2/serverInfo in a browser h3. Expected Results Fail to connect h3. Actual Results The below exception is thrown in the...
OGNL Double Evaluation Vulnerability
We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to be able to access the Crucible web interface. All versions of Crucible up to and including 3.6.1...
Doconfiguretheme action accessible to non-administrative users
The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence including anonymous users, if anonymous use of Confluence is allowed. If this action is executed with no...
/secure/admin/jira/AcknowledgeTask.jspa is an open redirect
The AcknowledgeTask.jspa page found under http://$HOST/secure/admin/jira/AcknowledgeTask.jspa can be used to redirect users to another page on the internet and possibly used to create a non-persistent xss flaw. Here is an example url which will direct a user to http://google.com...
Announcement Preview banner is a vector for an XSS attack
The announcement preview banner is currently displayed via the global decorator. It can be used for an XSS attack on virtually every page, via the announcementpreviewbannerst URL parameter. We should display the preview only locally in the admin section...
admin gadget rest endpoint information leak
the admin rest endpoint can return admin-only information even if the end user is not an admin...
The TrustedApplicationsFilter doesn't work for /rpc/* URLs
The sessioninview filter doesn't cover rpc URLs I think because this meant that RPC actions didn't show up in the DB until the response what completely written This means that lazily loaded data returned by the HibernateTrustedApplicationDao causes problems when the TrustedApplicationsFilter trie...
XSS vulnerability at "Edit Space Permissions"
Description: XSS vulnerability at "Edit Space Permissions" page Exploit: Write to the "Grant permission to" field: "alertdocument.cookie"...
SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
DoS (Denial of Service) @isaacs/brace-expansion Dependency in Confluence Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.7 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a...
XSS (Cross Site Scripting) turbo-stream Dependency in Jira Service Management Data Center
This High severity XSS Cross Site Scripting vulnerability was introduced in versions 10.3.8, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center. This XSS Cross Site Scripting vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
DoS (Denial of Service) path-to-regexp Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Improper Input Validation in MSSQL JDBC driver in Crucible Server and Fisheye Server
This High severity Improper Input Validation in MSSQL driver vulnerability was introduced in version 4.9.0 of Crucible Server and Fisheye Server. This Improper Input Validation vulnerability, with a CVSS Score of 8.1, allows an unauthenticated attacker to exploit an undefinable vulnerability whic...
DoS (Denial of Server) org.apache.struts:struts-core Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2016-1182 was introduced in 11.2.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H allows an unauthenticated attacke...
DoS (Denial of Service) ansi-regex Dependency in Jira Service Management Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in versions 10.3.13, and 11.2.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
adding "Project Member" to User/Group/Projectrole options list for security level
I'm looking for a fast and easy way to handle security viewability of issues over all projects. Scenario is: We have setup the Jira company environment and several different projects. We have some external developers that are assinged to their specific projects. I did not yet use the security...
It is possible to see components without logging in
It is possible to see project's components without logging in by just guessing urls, e.g. jira-installation/browse/KEY/component/10881. This will show all the information written on component issues are not shown. This should be restricted so that it is impossible to see any project information...
BASM (Broken Authentication & Session Management) org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.1, 10.1.1,...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Improper Authorization vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1,...