4195 matches found
Privilege Escalation: User having no permission is able to access logs of all private branches via ViewError Endpoint
Issue Summary: It has been observed that a user having no permission is able to access error logs of all private branches, which reveals information related to project, agent, build etc. Bug Bounty report:...
Include additional parameters to avoid reverse tabnabbing exploits
A customer had their Confluence instance reviewed and found that it was susceptible to Reverse Tabnabbing, like Jira is in JRASERVER-68830. Steps to replicate the issue on Confluence can be found in the file below. ^tabnabbingfindingconfluence.pdf...
XSS in branch name
Issue Summary: Advisory: Stored Cross-site scripting. Description: Short summary of the vulnerability. A stored cross-site scripting (XSS) vulnerability was discovered in the Commits section of the Bitbucket application. An attacker can create a branch and inject an XSS payload into th...
ConfigureReport.jspa endpoint available for unauthenticated users
Issue Summary: I can access this report page without logging in with public sharing off: http://localhost:8854/j854/secure/ConfigureReport.jspa?reportKey=com.atlassian.jira.jira-core-reports-plugin:singlelevelgroupby Was also able to hit the following page...
Access to all question drafts in private spaces via API
Issue Summary: Questions leak information through private space (https://asecurityteam.atlassian.net/browse/BOUNTY-2559). Steps to Reproduce: Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...
The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569
Issue Summary: The recently disclosed vulnerabilities regarding Apache Tomcat, CVE-2020-1935 (https://vulners.com/cve/CVE-2020-1935), CVE-2019-17569 (https://vulners.com/cve/CVE-2019-17569) and CVE-2020-1938 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938), which affects the following...
SSRF in OIDC Setup [Bitbucket Data Center]
Issue Summary: SSRF. Steps to Reproduce: During set-up of a custom OpenID Connect identity provider in Bitbucket Server (but may apply to other Data Center applications that use the same OIDC module: https://hub.docker.com/r/atlassian/bitbucket-server/), one has to specify the "Issuer URL". As...
About Jira page can be accessed anonymously
Issue Summary: "About Jira" page can be accessed anonymously. This can expose the Jira application versions. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version. Steps to Reproduce: Access...
Filter for custom field values shows all options from all contexts
Summary: If a custom field is added to a Portfolio plan, the Portfolio filter will show all options from all contexts configured in the custom field in Jira. Steps to Reproduce: Create a custom field with multiple contexts and values across contexts. Assign different projects to separate...
Users that are not logged into Jira can navigate to crafted URLs and inject messages onto the page
Issue Summary: Non-authenticated users can navigate to crafted URLs in Jira and inject messages onto the page. Steps to Reproduce: Navigate to a URL such as localhost:8080/jira/secure/VoteOrWatchIssue.jspa. Add some additional text behind the URL such as...
RCE in jackson-databind
Issue Summary: Jira Server used a vulnerable version of jackson-databind. Specifically, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2. More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330. Upgrade jackson-databind to at least version 2.9.10.20200103...
REST API for Add user to group returns error 400 instead of 404 when the user does not exist
Issue Summary: REST API for Add user to group returns error 400 instead of 404 when the user does not exist. According to the documentation of JIRA 8.5.3 (https://docs.atlassian.com/software/jira/docs/api/REST/8.5.3/api/2/group-addUserToGroup), when the user or group does not exist, an error 404...
DLL hijacking in Jira Server & JSD via Tomcat - CVE-2019-20419
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 Fixed versions: 8.5.5 8.7.2 8.8.0...
Make use of Secure Introspector in Velocity Templates - CVE-2019-20409
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote...
Application DoS via the /rendering/wiki endpoint - CVE-2019-20418
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...
Information disclosure in System Administration - Global Permissions - CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...
Template injection in Web Resources Manager - CVE-2020-14172
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remo...
Jira uses vulnerable jQuery version CVE-2015-9251
Issue Summary: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jira uses jQuery 2.2.4 as of Jira 8.8.0 https://nvd.nist.gov/vuln/detail/CVE-2015-92...
Improper authorization on /rest/project-templates/1.0/createshared endpoint - CVE-2020-4029
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project names via an improper authorization vulnerability in the /rest/project-templates/1.0/createshared API endpoint. Affected versions: version 8.5.5 8.6.0 ≤ version 8.7.2 8.8.0 ≤ version...
XSS in XML export view - CVE-2020-4021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the XML export view. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.5 8.6.0 ≤ version 8.8.1 Fixed versions: 7.13.16 8.5....
Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via an untrusted search path vulnerability. Acknowledgements: Credit for finding this vulnerability goes to Johannes...
Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure. Acknowledgements: Credit for finding...
CSRF in the setup resources - CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...
Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...
Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability...
Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015
The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via a security misconfiguration...