
4195 matches found

Atlassian • added 2020/02/17 6:0 a.m. • 234 views

Spring Framework Vulnerability - CVE-2020-5398

h3. Issue Summary Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan. h3. Description Plugin: Spring Framework 5.0.x 5.0.16 / 5.1.x 5.1.13 / 5.2.x 5.2.3 Spring...

CVSS 8 • AI score 3.3 • EPSS 0.90138
Exploits 2 • Affected Software 1
Atlassian • added 2020/02/14 1:22 p.m. • 26 views

Clickjacking Issue in Confluence

h3. Issue Summary Based on https://jira.atlassian.com/browse/CONFSERVER-29230 this was supposedly fixed from Confluence 5.8.5 version onwards and looks like it is still impacting a few URLs embedded within the...

AI score 6.9
Exploits 0 • Affected Software 1
Atlassian • added 2020/02/05 5:5 p.m. • 78 views

CSRF in Application Links plugin allows network enumeration - CVE-2019-20100

Atlassian Jira Server and Data Center before version 8.7.0 use a version of the Atlassian Application Links plugin that is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to...

CVSS 4.7 • AI score 3.1 • EPSS 0.003
Exploits 1 • Affected Software 1
Atlassian • added 2020/02/05 5:5 p.m. • 26 views

CSRF in Application Links plugin allows network enumeration - CVE-2019-20100

Atlassian Jira Server and Data Center before version 8.7.0 use a version of the Atlassian Application Links plugin that is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to...

CVSS 4.7 • AI score 5.1 • EPSS 0.003
Exploits 1
Atlassian • added 2020/02/05 4:3 p.m. • 99 views

CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerat...

CVSS 4.3 • AI score 2.8 • EPSS 0.00238
Exploits 1 • Affected Software 1
Atlassian • added 2020/02/05 4:3 p.m. • 34 views

CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerat...

CVSS 4.3 • AI score 5 • EPSS 0.00238
Exploits 1
Atlassian • added 2020/02/05 4:2 p.m. • 28 views

CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098

The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumera...

CVSS 4.3 • AI score 5 • EPSS 0.00433
Exploits 1
Atlassian • added 2020/02/05 4:2 p.m. • 84 views

CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098

The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery CSRF. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumera...

CVSS 4.3 • AI score 2.9 • EPSS 0.00433
Exploits 1 • Affected Software 1
Atlassian • added 2020/02/04 11:56 p.m. • 30 views

Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...

CVSS 7.8 • AI score 4.6 • EPSS 0.00162
Exploits 0
Atlassian • added 2020/02/04 11:56 p.m. • 58 views

Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...

CVSS 7.8 • AI score 4.6 • EPSS 0.00162
Exploits 0 • Affected Software 1
Atlassian • added 2020/02/04 11:21 p.m. • 31 views

Information leak through broken access control in Jira Server and Data Center - CVE-2019-20407

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check...

CVSS 4.3 • AI score 5.6 • EPSS 0.00272
Exploits 0 • Affected Software 1
Atlassian • added 2020/02/04 11:21 p.m. • 27 views

Information leak through broken access control in Jira Server and Data Center - CVE-2019-20407

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check...

CVSS 4.3 • AI score 4.9 • EPSS 0.00272
Exploits 0
Atlassian • added 2020/01/30 10:24 p.m. • 38 views

JMX monitoring flag in Jira was vulnerable to XSRF/CSRF - CVE-2019-20405

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery CSRF vulnerability...

CVSS 4.3 • AI score 5.4 • EPSS 0.0018
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/30 10:24 p.m. • 30 views

JMX monitoring flag in Jira was vulnerable to XSRF/CSRF - CVE-2019-20405

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery CSRF vulnerability...

CVSS 4.3 • AI score 5.1 • EPSS 0.0018
Exploits 0
Atlassian • added 2020/01/30 9:25 p.m. • 75 views

Improper authorization on project titles vulnerability in Jira - CVE-2019-20404

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. h3. Note on fix The fix was tested internally before backporting it and no issues were...

CVSS 4.3 • AI score 4.2 • EPSS 0.01053
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/30 9:25 p.m. • 29 views

Improper authorization on project titles vulnerability in Jira - CVE-2019-20404

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. h3. Note on fix The fix was tested internally before backporting it and no issues were...

CVSS 4.3 • AI score 5.1 • EPSS 0.01053
Exploits 0
Atlassian • added 2020/01/29 11:27 p.m. • 49 views

Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability...

CVSS 5.3 • AI score 5.1 • EPSS 0.00436
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/29 11:27 p.m. • 24 views

Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability...

CVSS 5.3 • AI score 5.1 • EPSS 0.00436
Exploits 0
Atlassian • added 2020/01/29 11:18 p.m. • 23 views

Improper authorization on support files vulnerability in Jira - CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...

CVSS 4.9 • AI score 5.5 • EPSS 0.00245
Exploits 0
Atlassian • added 2020/01/29 11:18 p.m. • 33 views

Improper authorization on support files vulnerability in Jira - CVE-2019-20402

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...

CVSS 4.9 • AI score 4.6 • EPSS 0.00245
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/28 3:52 a.m. • 115 views

Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug...

CVSS 4.3 • AI score 6.3 • EPSS 0.00201
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/28 3:52 a.m. • 32 views

Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug...

CVSS 4.3 • AI score 5 • EPSS 0.00201
Exploits 0
Atlassian • added 2020/01/23 1:36 a.m. • 29 views

Improper Authorization in Applinks - CVE-2019-20105

The Application links plugin used in Atlassian Jira Server and Data Center before version 7.13.12, from version 8.0.0 before version 8.5.4 and from version 8.6.0 before version 8.6.1 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an...

CVSS 4.9 • AI score 5.1 • EPSS 0.00198
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/23 1:36 a.m. • 30 views

Improper Authorization in Applinks - CVE-2019-20105

The Application links plugin used in Atlassian Jira Server and Data Center before version 7.13.12, from version 8.0.0 before version 8.5.4 and from version 8.6.0 before version 8.6.1 allows remote attackers with administrator privileges to edit existing applinks without passing WebSudo via an...

CVSS 4.9 • AI score 5.5 • EPSS 0.00198
Exploits 0
Atlassian • added 2020/01/23 12:5 a.m. • 30 views

XXE in OpenID client application - CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...

CVSS 7.5 • AI score 3.8 • EPSS 0.02432
Exploits 1
Atlassian • added 2020/01/23 12:5 a.m. • 35 views

XXE in OpenID client application - CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...

CVSS 7.5 • AI score 3.8 • EPSS 0.02432
Exploits 1 • Affected Software 1
Atlassian • added 2020/01/21 9:36 p.m. • 95 views

Uploading a malformed Word document and requesting it repeatedly renders Confluence unavailable.

h3. Issue Summary From the researcher: There is a Denial of Service issue in the "Import Word Document" functionality of Confluence Server. When importing a specially crafted word or openoffice document see attached Confluence will throw an java.lang.OutOfMemoryError:. Background: A Word document...

AI score 6.8
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/15 3:29 p.m. • 65 views

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat, CVE-2019-12418 (https://vulners.com/cve/CVE-2019-12418) and CVE-2019-17563 (https://vulners.com/cve/CVE-2019-17563), affect the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50. We should bundle a more...

CVSS 9.8 • AI score 8.3 • EPSS 0.94469
Exploits 44 • Affected Software 1
Atlassian • added 2020/01/15 3:29 p.m. • 102 views

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat, CVE-2019-12418 (https://vulners.com/cve/CVE-2019-12418) and CVE-2019-17563 (https://vulners.com/cve/CVE-2019-17563), affect the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50. We should bundle a more...

CVSS 7.5 • AI score 8 • EPSS 0.04359
Exploits 0
Atlassian • added 2020/01/14 9:36 p.m. • 36 views

SSRF when adding Jira server in admin plugin

h2. Please be aware that Atlassian does not consider this issue to represent a security risk as the functionality is restricted to users with administrative rights. h3. Issue Summary When adding a Jira server in Bamboo under the "User directories" module, an attacker can put any value in the...

AI score 0.1
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/14 9:36 p.m. • 22 views

SSRF when adding Jira server in admin plugin

h2. Please be aware that Atlassian does not consider this issue to represent a security risk as the functionality is restricted to users with administrative rights. h3. Issue Summary When adding a Jira server in Bamboo under the "User directories" module, an attacker can put any value in the...

AI score 0.1
Exploits 0
Atlassian • added 2020/01/13 6:29 p.m. • 55 views

User with no permissions can brute force agent ID and view agent information

h3. Issue Summary By using the url /agent/viewAgentExecutableEnvironments.action?agentId=, any logged in user, even one with absolutely no permissions, can brute force the agent id and view all the agent's information. The steps below are specific to the researcher's video attached and will likel...

AI score 6.5
Exploits 0 • Affected Software 1
Atlassian • added 2020/01/09 11:22 p.m. • 73 views

Restricting user's permissions from a page does not prevent the user from seeing it in /users/viewnotifications.action

h3. Issue Summary If a user was watching a page and then their permissions to view the page are removed, while they technically won't receive notifications about the page, they can still see the page, and thus title changes, at /users/viewnotifications.action h3. Steps to Reproduce As user A,...

AI score 0.2
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/18 1:19 p.m. • 66 views

The team calendar event notification should not contain Confluence version number

h3. Issue Summary The team calendar notification template shows the Confluence version number in the footer, which might be a security vulnerability for some customers. h3. Steps to Reproduce Create an event on the Confluence team calendar and wait for the reminder email to be sent. h3. Expected...

AI score 2.8
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 33 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Fisheye before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 2.9 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 80 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Fisheye before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 2.9 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 67 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Crucible before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3.2 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 40 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Crucible before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3.2 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 77 views

Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011

The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for mor...

CVSS 4.3 • AI score 3 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 30 views

Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011

The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for mor...

CVSS 4.3 • AI score 3 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 26 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...

CVSS 4.3 • AI score 2.3 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 79 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...

CVSS 4.3 • AI score 2.3 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 70 views

https://jira.atlassian.com/browse/JRASERVER-70409 for Bitbucket Server

The version of the Application Links plugin used in Bitbucket Server and Bitbucket Data Center before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remot...

AI score 2.6
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 4:10 a.m. • 19 views

https://jira.atlassian.com/browse/JRASERVER-70409 for Bitbucket Server

The version of the Application Links plugin used in Bitbucket Server and Bitbucket Data Center before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remot...

AI score 2.6
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 31 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Bamboo before version 6.8.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 4:10 a.m. • 72 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Bamboo before version 6.8.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 3:46 a.m. • 81 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3.1 • EPSS 0.00178
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 3:46 a.m. • 24 views

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Jira before version 8.4.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

CVSS 4.3 • AI score 3.1 • EPSS 0.00178
Exploits 0
Atlassian • added 2019/12/17 3:24 a.m. • 60 views

Open redirect vulnerability in login.jsp - CVE-2019-20901

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...

CVSS 6.1 • AI score 5.1 • EPSS 0.00207
Exploits 0 • Affected Software 1
Atlassian • added 2019/12/17 3:24 a.m. • 37 views

Open redirect vulnerability in login.jsp - CVE-2019-20901

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...

CVSS 6.1 • AI score 6.1 • EPSS 0.00207
Exploits 0
Total number of security vulnerabilities: 4195