4195 matches found
Linux Git Server - Ampersand (&) in tag is not properly handled when closing a branch
I attempted to close a feature branch. I added the tag that included an ampersand CNT-421&CNTUI-123. The tag that was applied to the branch was CNT-421 as the ampersand was not escaped when running the command in Git. The ampersand was treated the same as an ampersand in Bash, which allows the...
XSS in User Macros, Macro Title and Icon URL
h2. Summary System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in Macro Editor. The script input in the fields can be executed when a user opens the "Macro" selection window. h2. How to reproduce Go to "Edit User Macro" as Confluence Administrator. !Screen Shot 2018-06-14 at...
User emails visible in page source
A customer reported that user emails are being included in the page source on issue pages. Even with email visibility set to "Hidden", the reporter and assignee emails are included in the page source. The email is in an attribute called data-user as part of a span tag. Example from this page:...
XSS in EditIssue.jspa through the issuetype parameter - CVE-2018-5232
The EditIssue.jspa resource in Atlassian Jira Server before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the issuetype parameter...
Our documentation for running Confluence behind a http that terminates https is probably incorrect
Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says quote Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName. quote which differs from all of our other...
Any user able to manage space watcher using REST API
h3. Summary Any Confluence user is able to manage Space Watcher by using REST API h3. Steps to Reproduce Create a user that belongs to the "confluence-users" group example: user1 Using an Administrator user, create a new space and restrict the space to the administrator user As the normal user...
Denial of service through the ForgotLoginDetails resource - CVE-2018-5231
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it...
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in t...
Update documentation regarding plan permissions to edit and delete plans
h3. Summary According to our documentation Disabling or deleting a plan|https://confluence.atlassian.com/bamboo/disabling-or-deleting-a-plan-289276855.html/, it is only possible to delete a plan by having "Admin" Global permissions. This is not accurate. Test done: Create a group called...
XSS through header injection in the /browse/~raw resource - CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
XSS in various types of nested wiki markup - CVE-2017-18102
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Atlassian JIRA before version 7.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently...
Missing authentication checks in various administrative system import resources - CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of quick filters. h3. Workaround Disable the gadget. - Navigate to Administration Add-ons Manage add-ons and se...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
XSS in the Trello board importer resource - CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the title of a Trell...
XSS in the searchrequest-xml resource through various fields - CVE-2017-18098
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through various fields...
Confluence error pages should remove stack trace from being output to the UI
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. panel h3. Problem Definition The Confluence error page typically displays "Oops - an error has occurred", it displays System error, the cause, then the stack trace that deals with that error. This is not desirable for all...
Open Redirection Issue in JIRA Announcement Banner
Hi, I am currently using Jira 6.1. And the issue is related to the Jira announcement banner. While editing/adding the announcement banner I tried to inject a script like window.location.href='www.somesite'. By doing so, after logging in to Jira, it redirected to the particular site. Therefore I...
Update 7zip to latest version
The current version of 7zip included has a security vulnerability that has been flagged in our corporate environment. The issue has been fixed in the latest version of 7zip. I have been asked to either obtain a version of SourceTree with the fixed version of 7zip, or to uninstall SourceTree...
The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229
The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability XSS. See https://ecosystem.atlassian.net/browse/UPM-5871 for more details...
Incorrect user showing up in configuration for GPG key signing
When configuring SourceTree to use GPG key signing for commits, an incorrect user is used for a given key. The user shows up as "0", rather than the user that was used to create the key. !gpgconfig.png|width=488,height=316! For more details see the post in the community forum here:...
Honeypot strategy is no longer effectively preventing spam account signup
panel:title=Fix From 3.9.5 onwards we have turned off the honeypot in favour of using CAPTCHA; anyone affected by this issue just needs to switch the CAPTCHA on...
Vulnerable javascript library: jQuery
Good morning. It has been brought to my attention that the jQuery library has a vulnerability. In jQuery versions before 1.9.0b1 the selector is interpreted as HTML. This could lead to potential vulnerabilities https://bugs.jquery.com/ticket/11290. Solution: jQuery version 1.9.0b1 has been released to addres...
Remote Code Execution via in Browser Editing - CVE-2018-5225
An authenticated user of Bitbucket Server could gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. Affected versions: All versions of Bitbucket Server before 5.4.8 the fixed version for 4.13.0 through to 5.4.7, 5.5.0 before 5.5.8 the...
The console login did not rotate the session id during login - CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation...
Various resources included the current remote directory password in their responses - CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources...