4195 matches found
Open redirect in many resources - CVE-2018-13402
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before versio...
Open redirect in the XsrfErrorAction resource - CVE-2018-13401
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0...
Several administrative resources missing WebSudo (improper access control vulnerability) - CVE-2018-13400
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version...
XSS in labels widget
If a user can control the content returned by /rest/dashboards/1.0//gadget/10100/prefs, they can update the searchUrl field to execute a stored XSS. Here are the steps to reproduce: Upload an attachment to a ticket with the following content:...
Update Tomcat to 8.5.34 to avoid CVE-2018-11784
Open redirect in default servlet (CVE-2018-11784, https://access.redhat.com/security/cve/cve-2018-11784). When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory, e.g. redirecting to '/foo/' when the user...
Upgrade Tomcat to the version 8.5.32
Problem: The current version of Tomcat (8.5.6) bundled with JIRA before 7.12.1 is vulnerable to https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9...
Deprecate support for authenticating using os_username, os_password as url query parameters
Problem: Support for using os_username and os_password to authenticate when used as URL query parameters has been deprecated in Jira 8.0.0. It is possible to disable support for os_username & os_password as URL query parameters for authentication by setting allowUrlParameterValue to false in...
The administrative smart-commits resource was vulnerable to Cross-site request forgery (CSRF) - CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery CSRF vulnerability...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
XSS in various resources when moving issues through the Epic Colour field of an issue - CVE-2018-13395
Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML ...
The acceptAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user accept an answer via a Cross-site request forgery CSRF vulnerability...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
Issue reporter and assignee user email addresses were disclosed regardless of the email visibility setting - CVE-2018-13391
The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote...
Request for Marketplace add-on email notifications can be sent to inactive accounts
Summary: Users can navigate to the Atlassian Marketplace within Jira and request add-ons to be installed. This will send all groups defined under the Jira Administrators global permission an email notification indicating a particular user has requested a particular add-on. We have observed the...
The bundled Atlassian Universal Plugin Manager plugin had an XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had an XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
Upgrade to Tomcat 8.5.32 necessary
There are new vulnerabilities reported by Apache: http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E It is...
SSRF/XSPA in ImporterSetupPage
A security bug has been found in Jira Server. Administrator users can test local IP addresses/ports and determine whether they're open or closed. To reproduce: Initial setup - Download https://www.atlassian.com/software/jira/download, install, and start up Jira Software Server. Note: I...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
XSS Vulnerability in Code Block Macro
Summary: There appears to be an XSS vulnerability when using the powershell syntax from within the Confluence Code Block Macro. Environment: Confluence 6.6.6. Steps to Reproduce: Create a test page, add a Code Block macro, select language=powershell, enter...
Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL
Summary: A non Calendar Creator can see the Username and Password fields of a Calendar subscribed from URL. Environment: Confluence 6.7.2, Team Calendar 6.0.17. Steps to Reproduce: Log in as UserA (Calendar Creator). Create a new Calendar with the Subscribe by URL option. Subscribe to any external...
Opening embedded SVG file in comment on customer portal makes JIRA run added JavaScript code
Summary: Opening an embedded SVG file in a comment on the customer portal makes JIRA run added JavaScript code. Steps to Reproduce: Log in to the customer portal and create a new request. Attach a new SVG file which contains JavaScript code (filename: smiley-test.svg; see attached screenshot-1.png). After the...
Upgrade to version 3.2.2 of apache commons-collections
Summary: Similar to the issue described in CONFSERVER-40130, Synchrony Proxy is still using the old commons-collections library which allows for remote code execution. We can see this by looking at the following directories: ...
XSS in IncomingMailServer resource - CVE-2018-13387
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML ...
Path traversal Vulnerability in the review attachment resource - CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command...
SSRF via REST API /plugins/servlet/gadgets/makeRequest
Confluence installations have a permissive whitelist that allows fetching any URL using Confluence as a proxy. Use a GET request: GET /plugins/servlet/gadgets/makeRequest?url= Example: to get the Yandex start page or any resource you want. GET...