4195 matches found
Macro browser breaks https secure connection
h3. Issue Summary Macro browser loads http insecure resources including a data:image/png and a testing mocking resource http://example.com/bla-bla-bla h3. Environment Optional - If Applicable h3. Steps to Reproduce Create a page Open macro browser h3. Expected Results Connection remains secure h3...
Pushing a code with an unlicensed user is possible if it was once a licensed user and an SSH key is added to user's profile
h3. Issue Summary If once licensed users have an SSH key added to their profile, it is still possible for them to push the code once the license had been removed. However, it is not possible to pull the code. h3. Environment Every environment. h3. Steps to Reproduce Create a new user. Add any...
Unable to secure remote agents via automatic keystore management
h3. Issue Summary It is not possible to secure the remote agents to connect to the Bamboo Server using SSL through the automatic keystore management feature. h3. Steps to Reproduce Configure Bamboo to use SSL in Broker URL and Broker Client URL Securing your remote...
Attachment name leakage from restricted space
h3. Issue Summary Hello, This issue was discovered through our bugbounty program and has been verified: User can view attachment names in a restricted space by accessing the following endpoint: noformat http://host/rest/previews/templinksresource/attachmenturl?attachmentId=id noformat h3...
Unauthenticated user can check the whitelist rules for any URL
h3. Issue Summary This issue was discovered through our bug bounty program. An unauthenticated user can check if a URL is permitted through the whitelist. noformat /rest/whitelist/1/check?url=http://www.atlassian.com noformat returns the whitelist rules associated with http://www.atlassian.com...
Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used
The version of the Atlassian Application links plugin used in Crucible before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...
Update Application links to ensure that a version of jackson-databind containing a fix for CVE-2018-14721 is used
The version of the Atlassian Application links plugin used in Fisheye before version 4.7.1 contained a version of jackson-databind that was vulnerable to CVE-2018-14721...
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Crucible before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Crucible before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Fisheye before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Crucible before version 4.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently restricted to...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Fisheye before version 4.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently restricted to...
Address CVE-2019-11358 in the bundled version of jQuery
The bundled version of jQuery in Crucible before version 4.7.1 was vulnerable to CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2019-11358. This was fixed by patching the version of jQuery bundled with Crucible...
Address CVE-2019-11358 in the bundled version of jQuery
The bundled version of jQuery in Fisheye before version 4.7.1 was vulnerable to CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2019-11358. This was fixed by patching the version of jQuery bundled with Fisheye...
CVE-2019-11581 - Template injection in various resources
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...
SSRF - /plugins/servlet/issue-retriever?columns=&url=XXX
h3. Issue Summary The following issue was submitted to our bug bounty program. This endpoint will allow attackers to read the full response of the provided URL. h3. Environment Confluence 6.15.5 h3. Steps to Reproduce Setup two Atlassian applications and create an Applink between them. In my case...
Denial of service in issue searching through Epic Name ordering - CVE-2019-11583
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name"...
When the 'Any logged in user' permission is added to 'Browse Project' permission in a Service Desk project, customer will automatically receive notifications when mentioned in an internal comment.
h3. Issue Summary When the 'Any logged in user' permission is added to 'Browse Project' permission in a Service Desk project, customer will automatically receive notifications when mentioned in an internal comment. h3. Steps to Reproduce Test Case1: Create a Service Desk project. Head to project...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
h3. Issue Summary Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. h3. Environment Crowd 3.x.x OpenLDAP h3. Steps to Reproduce Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the users from OpenLDAP...
XSS in FilterPickerPopup.jspa parameter searchOwnerUserName
h3. Issue Summary The following vulnerability was submitted to our bug bounty program: h3. Environment Jira Server 8.2.1 Jira Cloud Verified using the latest Firefox h3. Steps to Reproduce As an authenticated user, navigate to code:java...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...
Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582
There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gain remote code execution o...
jQuery 2.2.4 is vulnerable to prototype pollution
Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug CVE-2019-11358, https://nvd.nist.gov/vuln/detail/CVE-2019-11358 which is only fixed in jQuery 3.4.0...
Ability to have the Websudo functionality working with SAML / SSO
h3. Problem Definition When implementing SAML either through JDC or through a vendor plugin, the net result is you have to turn off websudo because you can't get websudo and SAML to work. The effect is you can go straight into administration functions without confirmation that you should. This...
Crowd - pdkinstall development plugin incorrectly enabled - CVE-2019-11580
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...
XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239
The version of the Application Links plugin used in Confluence before version 6.15.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more detail...
Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...