Jira on Windows was vulnerable to DLL hijacking - CVE-2019-20400
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global PATH environment variable to inject code via a DLL hijacking vulnerability. h3. Acknowledgment We would like to thank Peleg Hadar of SafeBreach Labs for...
Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via cross-site request forgery (CSRF) vulnerabilities. Once a Jira instance is set up, i.e. database, admin account, licence, etc. form ar...
Improper authorization check in the WorkflowResource class removeStatus method - CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...
Confluence Server and Data Center - Atlassian Companion Man-in-the-Middle - CVE-2019-15006
h3. Issue Summary There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence...
Improper authorization vulnerability in the /json/profile/removeStarAjax.do resource - CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability...
Improper authorization vulnerability in the /json/profile/removeStarAjax.do resource - CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability...
XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter...
XSS in the /plugins/servlet/branchreview resource through the reviewedBranch parameter - CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter...
XSS in the review resource through the name of a missing branch - CVE-2019-15007
The review resource in Atlassian Fisheye before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch...
XSS in the review resource through the name of a missing branch - CVE-2019-15007
The review resource in Atlassian Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch...
RCE jackson-databind
h3. Issue Summary https://hello.atlassian.net/wiki/spaces/SECURITY/pages/566213966/CVE-2019-17267+Investigation+jackson-databind+RCE+again h3. Steps to Reproduce search on stash for jackson-databind...
Disabling SAML override in Confluence Data Center doesn't work
h3. Issue Summary Disabling the SAML override in Confluence DC, which is intended to ensure that users can log in to Confluence only via SAML/SSO, still allows users to use the default login URL and access the instance with local credentials. h3. Steps to Reproduce Configure Confluence DC with SAML/SSO steps not covered her...
Editing Applinks with Admin account without requiring Administrator Access (WebSudo)
h3. Issue Summary An applink can be edited without logging in with WebSudo access if the direct URL is used: $baseURL/plugins/servlet/applinks/edit/$appLink-ID. The user will still need to be an administrator to make this change, as the page is only accessible to an administrator; non-admin users...
IDOR View Private Unreleased and Released Titles
h3. Reported by bug bounty: https://tracker.bugcrowd.com/atlassian/submissions/73229d116b86b26d234a76ba428a5d02a68cfa716a7ce8b3912ad67c3c653932 h3. Issue Summary A non-admin is able to view the "release version" page but not make a release. h3. Steps to Reproduce Open two browsers and log in as adm...
Comment properties do not respect permissions
h3. Issue Summary Comment properties do not respect permissions on the comment as the docs say they should (https://docs.atlassian.com/software/jira/docs/api/REST/8.4.1/api/2/comment/%7BcommentId%7D/properties-getProperty). This issue was reported via bug bounty...
Authorization bypass allows information disclosure - CVE-2019-15003
h3. Authorization bypass allows information disclosure - CVE-2019-15003 h4. Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels (https://www.atlassian.com/security/security-severity-levels). The scale allow...
URL path traversal allows information disclosure - CVE-2019-15004
URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...
commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)
h1. Authorization Bypass in confserver/confluence-frontend-plugins (master) h4. Issue Details Vulnerability: Authorization Bypass Severity: High Project: confserver/confluence-frontend-plugins Branch: master Scan Date: Unknown h4. Issue Description commons-beanutils2 is vulnerable...
Improper Authorization in Bamboo through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email...
Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Fisheye & Crucible before version 4.7.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. Th...
Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization...
Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was bundled in Confluence Server & Confluence Data Center before version 7.0.1, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a...
Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Jira Server & Jira Data Center before version 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorizati...
SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class...
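The summary above attributes CVE-2019-8451 to a logic bug in the JiraWhitelist class but does not say what the bug was. The block below is an added illustration, not Jira's own JiraWhitelist code: it contrasts the classic way an outbound-URL allowlist goes wrong, a plain string-prefix comparison against the instance base URL, with an origin comparison that parses the URL and checks scheme, host and port separately and refuses userinfo. The base URL, the probe URLs and the function names are constructed for the example; which, if any, of these bypasses applied to the real Jira bug is not stated on this page.

```python
from typing import Iterable, Optional, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def allowed_by_prefix(url: str, base_url: str) -> bool:
    """Weak allowlist (constructed example): 'the target starts with our base URL'.

    Accepts anything whose *string* begins with base_url, so userinfo tricks
    (https://base@internal/), lookalike hosts and alternate ports all pass,
    while a differently-cased but identical origin is wrongly refused.
    """
    return url.startswith(base_url)


def _origin(url: str) -> Optional[Tuple[str, str, int]]:
    """Return (scheme, host, port) for an http(s) URL without userinfo, else None."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        return None                      # file:, gopher:, jar:, ... never allowed
    if parts.username is not None or parts.password is not None:
        return None                      # https://trusted@internal/ -> host is 'internal'
    if not parts.hostname:
        return None
    try:
        port = parts.port                # ValueError on a non-numeric port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)   # hostname is already lowercased


def allowed_by_origin(url: str, allowed_bases: Iterable[str]) -> bool:
    """Allow only URLs whose parsed origin exactly equals an allowlisted base origin."""
    target = _origin(url)
    if target is None:
        return False
    return any(target == _origin(base) for base in allowed_bases)


BASE_URL = "https://jira.example.com"    # constructed for the example

# Constructed probes. Only the first and the last are legitimate targets;
# the others are the usual bypass shapes (userinfo, lookalike host, port, scheme).
PROBES = [
    "https://jira.example.com/rest/api/2/myself",
    "https://jira.example.com@169.254.169.254/latest/meta-data/",
    "https://jira.example.com.attacker.example/",
    "https://jira.example.com:8443/",
    "http://jira.example.com/",
    "HTTPS://JIRA.EXAMPLE.COM/secure/Dashboard.jspa",
]


def compare(probes=PROBES, base_url=BASE_URL):
    """Map each probe to (prefix_check_result, origin_check_result)."""
    return {u: (allowed_by_prefix(u, base_url), allowed_by_origin(u, [base_url]))
            for u in probes}


if __name__ == "__main__":
    for url, (prefix_ok, origin_ok) in compare().items():
        print(f"prefix={str(prefix_ok):5} origin={str(origin_ok):5}  {url}")
```

The origin check only decides whether the first request may be sent. A fetcher that follows redirects, or resolves a host that later points at an internal address, still needs to re-run the check on every hop and resolved address, or disable redirects altogether.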
Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Bitbucket Server & Bitbucket Data Center before version 6.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing...
Agent Status page also reveals details of builds to general users that do not have View permission
h3. Issue Summary h3. Environment This issue is confirmed to happen for Bamboo version 6.9.1; it likely happens for all Bamboo versions. h3. Steps to Reproduce Define a non-Admin user (a Bamboo admin should already exist from installation). Provide global, project and plan permissions to this user,...
Template injection in Jira importers plugin - CVE-2019-15001
h3. Issue Summary There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin (JIM). An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on...
Argument Injection - CVE-2019-15000
Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...
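The Bitbucket summary above names the bug class, injecting extra arguments into Git commands, but not its mechanics or the fix. The block below is an added example and not Bitbucket's own code: it shows the vulnerable shape (a user-controlled ref or path dropped straight into the git argv, where a value such as --output=/tmp/pwned is read as an option) next to a hardened builder that validates every user-controlled value and separates revisions from paths with "--". The repository path, ref names, file names and function names are constructed for the illustration; the ref-name rules are those of git check-ref-format, with a leading dash rejected on top because that is exactly what turns a value into an option.

```python
import re
from typing import List, Optional


class UnsafeArgument(ValueError):
    """Raised when a user-supplied value would change the git command line."""


# Sequences git's own check-ref-format refuses: control characters, space,
# ~ ^ : ? * [ \, "..", "@{" and "//".
_REF_FORBIDDEN = re.compile(r"[\x00-\x1f\x7f ~^:?*\[\\]|\.\.|@\{|//")


def validate_ref(ref: str) -> str:
    """Accept a ref name only if git would, and never one that starts with '-'."""
    if not ref or ref == "@":
        raise UnsafeArgument(f"empty or reserved ref {ref!r}")
    if ref.startswith("-"):
        # The core of the bug class: '-x' or '--output=...' is an option, not a ref.
        raise UnsafeArgument(f"ref {ref!r} would be parsed as an option")
    if _REF_FORBIDDEN.search(ref) or ref.startswith("/") or ref.endswith(("/", ".")):
        # '..' is also refused here by design: this builder only ever takes a
        # single revision, so a range would smuggle in extra revisions.
        raise UnsafeArgument(f"ref {ref!r} contains characters git rejects")
    for component in ref.split("/"):
        if component.startswith(".") or component.endswith(".lock"):
            raise UnsafeArgument(f"ref component {component!r} is not allowed")
    return ref


def validate_path(path: str) -> str:
    """Accept a repository-relative path that can neither escape nor look like an option."""
    if not path or "\x00" in path or path.startswith("-"):
        raise UnsafeArgument(f"path {path!r} is empty, contains NUL or starts with '-'")
    if path.startswith("/") or ".." in path.split("/"):
        raise UnsafeArgument(f"path {path!r} is not repository-relative")
    return path


def git_log_argv_vulnerable(repo: str, ref: str, path: Optional[str] = None) -> List[str]:
    """The shape that goes wrong (constructed): user input dropped straight into argv.

    With ref='--output=/tmp/pwned', git log writes its output to that file
    instead of treating the value as a revision; with fetch/clone style
    subcommands, options such as --upload-pack=<cmd> run a program instead.
    """
    argv = ["git", "-C", repo, "log", "--oneline", ref]
    if path is not None:
        argv.append(path)
    return argv


def git_log_argv_hardened(repo: str, ref: str, path: Optional[str] = None) -> List[str]:
    """Validate every user-controlled value and separate revisions from paths with '--'."""
    argv = ["git", "-C", repo, "log", "--oneline", validate_ref(ref)]
    if path is not None:
        argv += ["--", validate_path(path)]
    return argv


REPO = "/srv/git/project.git"   # constructed for the example

# Constructed inputs: one benign request and three injection attempts.
CASES = {
    "benign": ("refs/heads/main", "README.md"),
    "option-as-ref": ("--output=/tmp/pwned", "README.md"),
    "option-as-path": ("refs/heads/main", "--output=/tmp/pwned"),
    "range-smuggled": ("main..evil", None),
}


def demo(cases=CASES, repo=REPO) -> dict:
    """Run both builders over the cases; returns {name: (vulnerable_argv, hardened)}."""
    results = {}
    for name, (ref, path) in cases.items():
        vulnerable = git_log_argv_vulnerable(repo, ref, path)
        try:
            hardened = git_log_argv_hardened(repo, ref, path)
        except UnsafeArgument as exc:
            hardened = f"rejected: {exc}"
        results[name] = (vulnerable, hardened)
    return results


if __name__ == "__main__":
    for name, (vulnerable, hardened) in demo().items():
        print(f"{name:15} vulnerable argv: {vulnerable}")
        print(f"{'':15} hardened:        {hardened}")
```

The "--" separator protects paths but not revisions, which git reads before it; that is why the leading-dash rule on refs is not optional. Git 2.24 and later also accept --end-of-options, which ends option parsing for everything that follows and is worth adding in front of any user-controlled revision when the deployed git is new enough.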
Clicking on <agent> of a build result reveals details of all run builds, not only the ones for which a non-Admin user has View permission
h3. Issue Summary h3. Environment This issue is confirmed to happen for Bamboo versions 6.7.2 and 6.9.1; it likely happens for all Bamboo versions. h3. Steps to Reproduce Define a non-Admin user (a Bamboo admin should already exist from installation). Provide global, project and plan permissions,...