4195 matches found
Unauthenticated information leakage of temporary files and project keys - CVE-2021-26069
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before...
Username enumeration via password reset page - CVE-2021-39125
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. Affected versions:...
Anonymous User is Able to Access Query Component JQL Endpoint - CVE-2021-39127
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. Affected versions:...
Board metadata is viewable without permissions via IDOR - CVE-2020-36231
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. ...
Project enumeration via Jira Projects plugin report page - CVE-2020-29451
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version...
Html Macros should respect authenticated user based on allowlist API
Gadgets have moved to use whitelist.isAllowedURI, Userkey to give admins more control over whether to allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450
Affected versions of Atlassian Confluence Server allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature in Confluence. The affected versions are before version 7.2.0. Affected versions: version < 7.2.0 Fixed versions:...
Sending multiple concurrent file upload requests will permanently break a review - CVE-2020-29447
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. Affected...
Template injection vulnerability in Automation for Jira smart values - CVE-2020-14193
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & /jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are thos...
SQL Injection in Jira Software Server [Integration for HipChat]
Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin. Affected versions: versions 8.14.0 Fixed versions: 8.14.0 The plugin is no longer installed in new versions of Jira. However, the removal of the plugi...
Information disclosure of product SEN via the x-asen response header - CVE-2020-14192
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. Affected versions: version < 4.8.4 Fixed versions:...
DoS vulnerability in MessageBundleResource - CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version < 4.8.4 Fixed...
A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. Affected versions: version < 4.8.4 Fixed versions: 4.8.4 4.9.0...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution (RCE) vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version < 4.8.4 Fix...
CSRF token theft through referrer headers - CVE-2021-39126
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions a...
Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 6.13.18 6.14.0 ≤ version 7.4....
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page
h3. Issue Summary Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page h3. Steps to Reproduce Create a New group named "newtestgroup" Add a user to the Group Add the Group Access for "newtestgroup" under t...
Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version < 4.8.5 Fixed versions: 4.8.5 4.9.0...
Pre-Authorization Arbitrary File Read - access web.xml via curl with no authentication.
https://asecurityteam.atlassian.net/browse/VULN-196971 h3. Issue Summary The Atlassian Confluence, Atlassian Jira, and Atlassian Crowd are vulnerable to a Pre-Authorization Arbitrary File Read attack vector. Specifically, the /s/ endpoint can be accessed in a specific manner that enables...