4195 matches found
SEN available in HTTP Response headers
Cloned from JRA-45188. Summary: Seems we're giving away our Support Entitlement Numbers (SEN) in our HTTP response headers. The risk here is that users who obtain these can then get free support in SAC. Environment: JIRA and Confluence Server; JIRA and Confluence Cloud; potentially other apps. h3...
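The check a practitioner would want for the issue above is a quick way to confirm whether an instance is still exposing its SEN. The following script is an added example, not code from the issue or from Atlassian; it assumes (the issue does not say) that the number travels in a header named X-ASEN with the shape SEN-<digits>, and the sample response heads are constructed so the check runs offline.

```python
"""Added example, not part of the original issue: flag HTTP response headers
that expose a Support Entitlement Number (SEN).

Assumptions not stated in the issue: the number travels in a header named
X-ASEN and has the shape SEN-<digits>. Adjust HEADER_NAME / SEN_RE if your
instance differs.
"""
import re
import sys
from typing import List, Tuple

HEADER_NAME = "x-asen"                   # assumed header name (compared case-insensitively)
SEN_RE = re.compile(r"\bSEN-\d{3,}\b")   # assumed SEN format


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Turn a raw HTTP/1.x head (status line plus headers) into (name, value) pairs.

    Accepts CRLF or LF line endings, skips the status line, ignores lines
    without a colon and stops at the first blank line (end of the head).
    """
    lines = raw.replace("\r\n", "\n").split("\n")
    pairs: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line.strip():
            break
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def find_sen_leaks(raw: str) -> List[Tuple[str, str]]:
    """Return every header that exposes a SEN, either because it is the
    assumed X-ASEN header or because its value contains a SEN-shaped token."""
    return [
        (name, value)
        for name, value in parse_headers(raw)
        if name == HEADER_NAME or SEN_RE.search(value)
    ]


# Constructed sample heads (not real captures) so the check runs offline.
LEAKY_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-AREQUESTID: 123x456x1\r\n"
    "X-ASEN: SEN-1234567\r\n"
    "X-AUSERNAME: anonymous\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
)
CLEAN_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-AREQUESTID: 123x456x1\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    # Live use: curl -sSI https://jira.example.test/ | python3 check_sen.py
    head = sys.stdin.read() if not sys.stdin.isatty() else LEAKY_HEAD
    leaks = find_sen_leaks(head)
    for name, value in leaks:
        print(f"SEN exposed in response header {name}: {value}")
    sys.exit(1 if leaks else 0)
```

Pipe the output of `curl -sSI` against the instance into the script; a non-zero exit means a SEN-bearing header is still being sent to anonymous clients. The value match on every header (not only the assumed name) is deliberate, so a renamed header that still carries the number is caught.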
Disable Quartz Phone Home
Quartz's phone home has not yet been disabled in Crowd. http://quartz-scheduler.org/documentation/best-practices suggests setting org.terracotta.quartz.skipUpdateCheck=true as a system property to disable this check...
change fontset 'icons' to html entities to improve security compliance
It seems that the icons in Confluence are currently rendered using a fontset. This can be an issue for organizations, especially banks, that have strict security constraints: the fontset cannot be downloaded and as a result the icons will not render on the customer's instance. I would recommend that we change the current...
change fontset 'icons' to html entities to improve security compliance
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-38988. It seems that the icons in Confluence are currently rendered using a fontset. This can be an issue for organization...
change fontset 'icons' to html entities to improve security compliance
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-38988. It seems that the icons in Confluence are currently rendered using a fontset. This can be an issue for organization...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...
Use integrated Windows Auth for Proxy Authentication
Hi, I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username/passwords within init strings. https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA describes a scenario where this may be possible,...
Username enumeration through the username parameter to the ViewUserHover resource.
It is possible to enumerate usernames via the username parameter of the secure/ViewUserHover resource. JIRA leaks the existence of a username by showing that user's entire name. 1. Log out of JIRA 2. Go to...
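What a tester wants from the report above is a repeatable differential check: does the unauthenticated response for a candidate username differ from the response for a name that cannot exist? The script below is an added example, not code from the report or from Atlassian. The report gives only the resource name and the parameter; the `.jspa` suffix, the probe name and the markup of the offline stand-in server are assumptions, and the known-user table is constructed. Run it only against systems you are authorised to test.

```python
"""Added example, not part of the original report: a differential-response
check for username enumeration through secure/ViewUserHover.

The report states only that the resource takes a `username` parameter and
shows an existing user's full name to a logged-out visitor. Assumptions made
here: the `.jspa` suffix on the URL, the markup of the constructed offline
stand-in, and the probe names. Use only against systems you are authorised
to test.
"""
import html
import re
from typing import Callable, Dict, List
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit

VIEW_USER_HOVER = "secure/ViewUserHover.jspa"   # assumed exact path
PROBE_NAME = "zz-nonexistent-9f3a7c"            # a name that should not exist


def hover_url(base_url: str, username: str) -> str:
    """Unauthenticated probe URL for one candidate username."""
    endpoint = urljoin(base_url.rstrip("/") + "/", VIEW_USER_HOVER)
    return endpoint + "?" + urlencode({"username": username})


def normalise(body: str) -> str:
    """Collapse whitespace and HTML entities so incidental formatting
    differences do not look like a signal."""
    return re.sub(r"\s+", " ", html.unescape(body)).strip()


def enumerate_users(fetch: Callable[[str], str], base_url: str,
                    candidates: List[str]) -> Dict[str, bool]:
    """Classify each candidate as existing (True) or not (False).

    The baseline is the response for PROBE_NAME. A non-existent candidate is
    expected to produce the same page with the candidate name substituted;
    anything else (for example a rendered full name) indicates the account
    exists.
    """
    baseline = normalise(fetch(hover_url(base_url, PROBE_NAME)))
    results: Dict[str, bool] = {}
    for name in candidates:
        body = normalise(fetch(hover_url(base_url, name)))
        expected_if_absent = baseline.replace(PROBE_NAME, name)
        results[name] = body != expected_if_absent
    return results


def http_fetch(url: str) -> str:
    """Live fetcher: plain unauthenticated GET (only for authorised testing)."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed offline stand-in for the endpoint (not JIRA's real markup): it
# renders the full name for known users and echoes the requested username otherwise.
KNOWN_USERS = {"admin": "Jane Administrator", "jsmith": "John Smith"}


def fake_fetch(url: str) -> str:
    username = parse_qs(urlsplit(url).query).get("username", [""])[0]
    if username in KNOWN_USERS:
        return f"<div class=\"user-hover\"><span class=\"fn\">{html.escape(KNOWN_USERS[username])}</span></div>"
    return f"<div class=\"user-hover\"><span class=\"fn\">{html.escape(username)}</span> (unknown user)</div>"


if __name__ == "__main__":
    verdicts = enumerate_users(fake_fetch, "https://jira.example.test", ["admin", "jsmith", "nobody"])
    for user, exists in verdicts.items():
        print(f"{user}: {'exists' if exists else 'not found'}")
```

Swap `fake_fetch` for `http_fetch` to probe a real instance. The same function doubles as a regression check after a fix: once the resource stops revealing full names to anonymous users, every candidate should classify as False.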
Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment
To reproduce: (1) start Confluence with GC logging enabled (optional, but helps); (2) link Confluence and JIRA; (3) create an issue in JIRA and watch it; (4) add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between {code} tags; (5) open the workbox in Confluence (optional: in the network tab of the web developer tool...
Update Java version bundled found in the installer to a version >= 1.8u51
Update the bundled version of Java to a version >= 1.8u51 (1.8 update 51), which fixes many security issues (http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html). Included in the security fixes is a fix for Logjam (CVE-2015-4000)...
Disabled Users Receive Notification from Team Calendar
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-48834. Summary: Disabled Confluence users that subscribed to a calendar still receive notifications when the calendar has...
Disabled Users Receive Notification from Team Calendar
Summary: Disabled Confluence users that subscribed to a calendar still receive notifications when the calendar has new events added or when events in the subscribed calendar are modified. Steps to Reproduce: Create a new user in Confluence; make the new user watch a calendar in Team Calendar...
Disabled Users Receive Notification from Team Calendar
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-48834. Summary: Disabled Confluence users that subscribed to a calendar still receive notifications when the calendar has...
Stop Watching Page in email footer is broken
The link is broken, the error message says that the security token is missing...
xss by swf file
In the Confluence comment module a user can embed a .swf file in their comment. Confluence uses an atl_token parameter on the GET HTTP request, so if the attacker sends the link of the .swf file (the value of src on the embed tag) to his victim, the malicious .SWF won't execute in the victim's browser. We can bypass thi...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
Problem Definition: As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis. At the moment, the setting is applied on a global basis, which does not work if you want attachments to be downloaded/displayed inline depending on the...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-38125. Problem Definition: As a Confluence Administrator, I would like to configure the 'Attachment Download Security...
As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-38125. Problem Definition: As a Confluence Administrator, I would like to configure the 'Attachment Download Security...
Denial of Service attack through vulnerable Xerces-J library
There is a WebDav endpoint that is accessible via the following URL: https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for a PROPFIND request. The following Python code will generate XML with a long pseudo-attribute name that exploits CVE-2013-4002...
Content Spoofing in UpdateMyJiraHome
A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, specifically text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1- go to...
Content Spoofing in AppPortalPage
A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, specifically text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce:...
CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI
In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image (Windows Server 2012 R2) AMI contains a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access, it was permitted to log in through SSH on instances using the affected AMI. In the event that a...
"JIRA Project Releases" event should respect Project's permissions
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-48963. Adding the "JIRA Project Releases" event type to the Team Calendar seems to NOT respect permissions from the project. I...
"JIRA Project Releases" event should respect Project's permissions
Adding the "JIRA Project Releases" event type to the Team Calendar seems to NOT respect permissions from the project. This means that even people who have no access to a project will see the release dates from that forbidden project. Expected behavior: Users should see only "JIRA Project Releases" from...