Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.4.0, 9.7.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. Jira Software Data Center versions 9.14.0, 9.13.0, and 9.13.1 are NOT affected. This...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server
This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Request Smuggling org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2023-48795 vulnerability on SSH
Strict key exchange support: The server now supports strict key exchange in 8.9.10+ LTS, 8.13.6+, 8.14.5+, 8.15.4+, 8.16.3+, 8.17.1+ and 8.18.0+. If old SSH clients that don't support strict key exchange are being...
Confluence 8.7.1 is using a vulnerable library - spring-web-5.3.30
Issue Summary: CVE - CVE-2016-1000027. Advisory URL - https://nvd.nist.gov/vuln/detail/CVE-2016-1000027. Steps to Reproduce: Build Confluence to find the vulnerable artifact. Expected Results: Vulnerable library is fixed. Actual Results: Vulnerable library found at -...
When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces.
Issue Summary: When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces. This is reproducible on Data Center: yes. Pre-condition: 1. A page accessible anonymously has been labelled, e.g. label1 and label2. 2. Page that is not...
Merge Conflicts PRs in Confluence-Distribution
Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bamboo Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.apache.avro:avro Dependency in Bamboo Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
RCE (Remote Code Execution) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in version 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...
DoS (Denial of Service) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in version 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Info Disclosure org.codehaus.plexus:plexus-utils Dependency in Bamboo Data Center and Server
This High severity org.codehaus.plexus:plexus-utils Dependency vulnerability was introduced in version 9.2.1 of Bamboo Data Center and Server. This org.codehaus.plexus:plexus-utils Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:...
RCE (Remote Code Execution) com.h2database:h2 Dependency in Bamboo Data Center and Server
This High severity com.h2database:h2 Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This com.h2database:h2 Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...
Request Smuggling org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server
This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in version 9.4.0 of Jira Software Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Info Disclosure org.apache.santuario:xmlsec Dependency in Crowd Data Center and Server
This High severity org.apache.santuario:xmlsec Dependency vulnerability was introduced in all versions of Crowd Data Center and Server before 5.2.2. This org.apache.santuario:xmlsec Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bitbucket Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVS...
DoS (Denial of Service) org.json:json Dependency in Bamboo Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 9.2.3, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
SSRF org.apache.xmlgraphics:batik-bridge Dependency in Jira Service Management Data Center and Server
This High severity org.apache.xmlgraphics:batik-bridge Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, and 5.12.0 of Jira Service Management Data Center and Server. This org.apache.xmlgraphics:batik-bridge Dependency vulnerability, with a CV...
atl_token parameter visible from the URL
Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Log in to Bamboo, create plans and generate a report; the application sends a token through the URL itself. Expected Results: The application should not send the atl_token parameter in the URL. Actual Results: The application sends a...
Attachments download link still works even after deleting attachment from page
Issue Summary: The attachment download link still works even after deleting the attachment from the page. Steps to Reproduce: Create a page and add any attachments to the page. Click on the attachment and download it using the download button. Now, right-click on the download butt...
DoS (Denial of Service) org.json:json Dependency in Bitbucket Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 7.17.0, 7.21.15, 8.9.4, 8.13.0, 8.14.0, and 8.15.0 of Bitbucket Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.squareup.okio:okio-jvm Dependency in Confluence Data Center and Server
This High severity com.squareup.okio:okio-jvm Dependency vulnerability was introduced in versions 7.13.0, 7.19.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, and 8.6.0 of Confluence Data Center and Server. This com.squareup.okio:okio-jvm Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...
XXE (XML External Entity Injection) jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, and 9.6.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows ...
RCE (Remote Code Execution) in Confluence Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
RCE in Confluence Data Center and Server - CVE-2023-22522
Summary of Vulnerability: This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve RCE on an affected instance. Confluence Data Center and...
DoS (Denial of Service) okio in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability is included in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, and 8.14.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Upgrade Tomcat to fix CVE-2023-46589
Issue Summary: Apache Tomcat should be upgraded to 8.5.96 or later, or 9.0.83 or later, to fix CVE-2023-46589 (https://nvd.nist.gov/vuln/detail/CVE-2023-46589). Jira 9.0.x to 9.12 currently comes bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently comes bundled with ...
Confluence XHR requests have the wrong content type
Problem: Watching or stopping watching a Confluence page, and other operations (see the list of identified endpoints below), will generate a request like the one below, copied as curl from a HAR capture for convenience: curl 'https://confluence/rest/api/user/watch/content/9999999' \ -X 'DELETE' \ -...
Upgrade Tomcat to fix CVE-2023-46589
Issue Summary: This is reproducible on Data Center: /. Apache Tomcat should be upgraded to 8.5.96 or later, or 9.0.83 or later, to fix CVE-2023-46589 (https://nvd.nist.gov/vuln/detail/CVE-2023-46589). Environment: From Confluence 6.10.0, which comes with Apache 9.0.8, up to Confluence...
Upgrade Tomcat to fix CVE-2023-46589
Issue Summary: This is reproducible on Data Center: /. Apache Tomcat should be upgraded to 8.5.96 or later, or 9.0.83 or later, to fix CVE-2023-46589 (https://nvd.nist.gov/vuln/detail/CVE-2023-46589). Environment: 8.1.x to 9.4.x. Steps to Reproduce: Check the Apache Tomcat version...
DOM-based XSS in comment when edit in a new tab
Issue Summary: DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval or innerHTML. This enables attackers to execute malicious JavaScript, which...
DoS (Denial of Service) net.minidev:json-smart Vulnerability in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 5.7.1 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.2.0, 5.1.5, 5.0.7, 4.4.5, and other older versions of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 7.21.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
RCE (Remote Code Execution) in Crowd Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...
DoS (Denial of Service) apache-struts in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
Info Disclosure com.google.guava:guava in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of...
DoS (Denial of Service) json-java in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...