4195 matches found
Self-xss via copying content from a PDF - CVE-2021-39111
The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such a...
Project key enumeration via the /rest/api/latest/projectvalidate/key endpoint - CVE-2021-39121
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from...
Jira is affected by Tomcat CVE-2020-13943
Affected versions of Atlassian Jira Server and Data Center used versions of Apache Tomcat that were vulnerable to CVE-2020-13943 (https://vulners.com/cve/CVE-2020-13943). The affected versions of Jira Server and Data Center are before version 8.5.14, from version 8.6.0 before 8.13.6, and from versi...
Limited Remote File Read in Jira Software Server - CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
Affected versions of Atlassian Jira Server and Data Center used versions of XStream that were vulnerable to security exploits including CVE-2021-29505 (http://x-stream.github.io/CVE-2021-29505.html). The affected versions of Jira Server and Data Center are before version 8.18.0. Affected versions:...
Remote code execution in workflow import - CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator into importing their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability which allowed for various...
Audit Logs Store LDAP Password in Plain Text
Problem: In Confluence, when an external LDAP directory is created/modified, audit logs store the LDAP connection password as plain text. Environment: 7.4.x. Steps to Reproduce: 1. In Confluence, create or modify a directory as Microsoft Active Directory, Crowd, Jira etc. 2. After...
Confluence Server Webwork OGNL injection - CVE-2021-26084
This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately. An OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The CVE ID is CVE-2021-26084. h4...
Vulnerable version of Underscore.js used - CVE-2021-23358
Affected versions of Atlassian Jira Server and Data Center used Underscore.js 1.9.1, which was vulnerable to CVE-2021-23358 (https://vulners.com/cve/CVE-2021-23358). The affected versions of Atlassian Jira Server and Data Center are before version 8.18.0. Affected versions: version 8.13.10 8.14.0 =...
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. This vulnerability was...
Preventing path disclosure in file upload functionality and Page export for security purposes
Issue Summary: While performing the file upload vulnerability test in the Confluence application, we are able to identify the sensitive path disclosure in the following cases. • When we attached some malicious file and tried to download all attachments. • When we uploaded malicious file and tried t...
Anonymous users can access the /rest/whitelist/<version>/check resource - CVE-2019-20101
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. Affected...
Anonymous users can view list of installed gadgets in Jira
Issue Summary: Endpoint "rest/config/1.0/directory" can be accessed anonymously. This page is an XML output that exposes the gadgets installed on the Jira instance. While there is not any identifying information, user data, or anything else available to anonymous users if they hit this URL...
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
Issue Summary: The recently disclosed vulnerability regarding Apache Tomcat: CVE-2021-33037 (https://vulners.com/cve/CVE-2021-33037, https://nvd.nist.gov/vuln/detail/CVE-2021-33037), Base Score: 5.3 MEDIUM; CVE-2021-42340 (https://vulners.com/cve/CVE-2021-42340), NVD score not yet...
Stored XSS via Custom Fields creation on AssociateFieldToScreens page - CVE-2021-39117
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the Custom Fields creation feature on the AssociateFieldToScreens page. This bug was introduced in version 8.15.0, and i...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
Issue Summary: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Local Privilege Escalation via DLL hijack - CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center...
An admin can downgrade or remove a group with sys admin privilege
This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...
Information disclosure issue in the comment notification feature - CVE-2021-39120
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to learn when a restricted comment is removed from an issue via an information disclosure vulnerability in the comment notification functionality. The affected versions are before version 8.18.0. Affected versions:...
Cached content persisting after disabling anonymous access for allowlist URLs - CVE-2021-39113
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version...
Attachment name, in questions/answers, is searchable despite not having Permissions for Questions
Summary: The questions plugin allows administrators to restrict its usage to groups/users, similar to Confluence Permissions. Attachments uploaded to these questions/answers can be found by users that do not have Questions Permission. However, while the attachment can be searched and its title...
Plan managed by specs allows to modify artifact dependencies with UI
Issue Summary: RSS-managed plan should be in View mode for every tab and page. Steps to Reproduce: 1. Create plan managed by RSS with artifact subscription settings. 2. Open Plan config page and visit artifacts tab of job. 3. Click Edit or Delete button of artifact subscription item. Expected Resul...
Attachments gets downloaded on Chromium based browsers even after user logs out from Confluence
Issue Summary: Attachments get downloaded on Chromium-based browsers even after the user logs out from the page. Steps to Reproduce: 1. Create a new page in Confluence. 2. Attach any PDF or picture or any file in that page and then publish the page. 3. Copy the image link by right clicking on the image as...
Upgrade bundled Java to 8u292+
Currently our latest available Jira version includes AdoptOpenJDK 1.8.0_275, which does not include a fix for the following vulnerabilities: https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20. It affects AdoptOpenJDK up to 1.8.0_282, so we should bundle Jira with AdoptOpenJDK 1.8.0_2...
Username enumeration on Jira Software Server 8.15 - CVE-2021-26081
Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...