4195 matches found
ClassLoader manipulation vulnerability
We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...
Answers is vulnerable to BREACH (SSL/HTTP gzip) attack
NOTE: This bug report is tracked for Confluence Server (http://jira.atlassian.com/browse/CONFSERVER-47215) and for Confluence Cloud (http://jira.atlassian.com/browse/CONFCLOUD-47215).
This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648. This issue was reported by Nakul Mohan, 11 May - the email is too long to reproduce here. An attacker with the ability to: (1) inject partial chosen plaintext into a victim's requests, (2) measure the size...
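The side channel behind the report, shown as an added, self-contained simulation (this is not code from the report, from Answers or from Atlassian): a compressed response body that both reflects attacker-chosen text and contains a secret shrinks by one byte whenever the reflected guess extends the compressor's back-reference into the secret. The page template, the secret `csrf=7f3a9`, the hex alphabet and the padding characters are all constructed for the demo; fixed Huffman coding is forced on the compressor so the size difference is exactly one byte per character (real servers use dynamic codes, and the attack then needs repeated measurements and alignment padding, as the BREACH paper describes).

```python
import zlib

# Constructed stand-in for a page that reflects attacker-chosen text and also
# carries a secret (e.g. an anti-CSRF token). Not the Answers/Confluence template.
SECRET = "csrf=7f3a9"          # constructed; the attacker knows only the "csrf=" prefix
ALPHABET = "0123456789abcdef"  # constructed: the secret is hex


def render(reflected: str) -> bytes:
    """Simulated HTTP response body: echoes the attacker's input, then the secret."""
    body = (
        "<html><body>"
        "<p>You searched for: " + reflected + "</p>"
        "<form><input type='hidden' name='token' value='" + SECRET + "'></form>"
        "</body></html>"
    )
    return body.encode("ascii")


def compressed_len(reflected: str) -> int:
    """The side channel: size of the DEFLATE-compressed response.

    Z_FIXED forces fixed Huffman codes so every ASCII literal costs 8 bits and
    a match of length 3..10 costs 7 bits; the demo is therefore deterministic.
    """
    comp = zlib.compressobj(level=6, strategy=zlib.Z_FIXED)
    return len(comp.compress(render(reflected)) + comp.flush())


def breach_recover(known_prefix: str, alphabet: str = ALPHABET, max_len: int = 32) -> str:
    """Recover the secret one character at a time.

    For each candidate c the reflection is known + c + PAD. Only the correct c
    lets the compressor extend its back-reference to the secret by one more
    character, replacing an 8-bit literal, so that response is one byte shorter.
    PAD keeps the reflected length (and hence the back-reference distance) equal
    across candidates and uses characters that do not occur in the secret.
    """
    pad = "{}#@"
    recovered = known_prefix
    for _ in range(max_len):
        sizes = {c: compressed_len(recovered + c + pad) for c in alphabet}
        smallest = min(sizes.values())
        winners = [c for c, size in sizes.items() if size == smallest]
        if len(winners) != 1:
            break  # all candidates tie: the secret has ended (or the oracle is noisy)
        recovered += winners[0]
    return recovered


if __name__ == "__main__":
    print(breach_recover("csrf="))  # -> csrf=7f3a9
```

The mitigations the BREACH authors list follow directly from the loop: separate the secret from attacker-reflected content, randomize the secret per request (masking), rate-limit or pad responses, or disable HTTP compression on pages that echo user input.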
Applink configuration data is exposed anonymously
NOTE: This bug report is tracked for JIRA Server (http://jira.atlassian.com/browse/JRASERVER-38225) and for JIRA Cloud (http://jira.atlassian.com/browse/JRACLOUD-38225).
If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info, the instance will tell you all the names, IDs and URLs of the applinks configured on the instance, e.g. an anonymous request to https://jira.atlassian.com/rest/issueLinkAppLink/1/appLink/info returns...
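A check for this class of problem, added here as an example (not the reporter's or Atlassian's code): request the endpoint named in the report with no cookies or Authorization header and flag the instance if the answer is 200 with a non-empty JSON body. Only the path is taken from the report; the response shape is not known from the page, so the check deliberately tests only "did an anonymous caller get data", and the fake fetcher and sample payload in the usage are constructed.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Tuple

APPLINK_INFO_PATH = "/rest/issueLinkAppLink/1/appLink/info"  # endpoint named in the report

# A fetcher takes a URL and returns (HTTP status, body text). 0 means unreachable.
Fetcher = Callable[[str], Tuple[int, str]]


def anonymous_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Plain GET with no cookies and no Authorization header, i.e. an anonymous user."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:          # 401/403/404/...: still informative
        return err.code, err.read().decode("utf-8", "replace")
    except urllib.error.URLError as err:           # DNS/TLS/connection failure
        return 0, str(err.reason)


def check_applink_exposure(base_url: str, fetch: Fetcher = anonymous_fetch) -> dict:
    """Return {'url', 'status', 'exposed', 'payload'}.

    'exposed' is True when an unauthenticated GET gets 200 with a non-empty JSON
    payload. A locked-down instance should answer 401/403 (or return nothing).
    """
    url = base_url.rstrip("/") + APPLINK_INFO_PATH
    status, body = fetch(url)
    payload = None
    if status == 200:
        try:
            payload = json.loads(body)
        except ValueError:
            payload = None            # 200 but not JSON: probably a login page
    exposed = status == 200 and bool(payload)
    return {"url": url, "status": status, "exposed": exposed, "payload": payload}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "https://jira.example.invalid"  # assumed
    result = check_applink_exposure(target)
    print("status", result["status"], "exposed" if result["exposed"] else "not exposed")
```

Run it against your own instance from an unauthenticated network position; a 200 with link names, IDs and URLs in the payload is the behaviour the report describes.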
prevent crashing when running out of database connections
NOTE: This suggestion is tracked for Confluence Server (http://jira.atlassian.com/browse/CONFSERVER-33522) and for Confluence Cloud (http://jira.atlassian.com/browse/CONFCLOUD-33522).
One common total crash for Confluence is when it runs out of database connections. Any reliable web application should be able to resist a peak in the number of requests and not fully crash when this happens. This is also a security issue because it means that anyone could easily bring the...
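The load-shedding behaviour the suggestion asks for, as an added example (not Confluence's pool or any Atlassian code): a pool whose acquire waits a bounded time and whose handler answers 503 when no connection frees up, so a request peak produces fast refusals instead of threads piling up behind an exhausted pool. Pool size, wait budget and the stand-in connection objects are constructed for the demo.

```python
import contextlib
import threading
import time


class PoolExhausted(Exception):
    """No database connection became free within the wait budget."""


class BoundedPool:
    """Connection pool with a bounded wait. Callers that cannot get a connection
    in time are refused instead of queueing forever. The connections handed out
    are stand-in objects (constructed for the demo)."""

    def __init__(self, size: int, wait_seconds: float) -> None:
        self._slots = threading.BoundedSemaphore(size)
        self._wait = wait_seconds
        self._lock = threading.Lock()
        self.rejected = 0  # requests shed under load; worth alerting on

    @contextlib.contextmanager
    def connection(self):
        if not self._slots.acquire(timeout=self._wait):
            with self._lock:
                self.rejected += 1
            raise PoolExhausted(f"no connection within {self._wait}s")
        try:
            yield object()  # a real pool hands out a live DB connection here
        finally:
            self._slots.release()


def handle_request(pool: BoundedPool) -> int:
    """Load-shedding handler: 200 when a connection was obtained, 503 when the
    pool is exhausted. Either way the worker thread returns promptly."""
    try:
        with pool.connection():
            return 200
    except PoolExhausted:
        return 503


def flood(pool: BoundedPool, concurrent: int, hold_seconds: float) -> dict:
    """Simulate a request peak: `concurrent` threads each try to hold a
    connection for hold_seconds. Returns how many got 200 and how many 503."""
    counts = {200: 0, 503: 0}
    lock = threading.Lock()

    def worker() -> None:
        try:
            with pool.connection():
                time.sleep(hold_seconds)
            status = 200
        except PoolExhausted:
            status = 503
        with lock:
            counts[status] += 1

    threads = [threading.Thread(target=worker) for _ in range(concurrent)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counts


if __name__ == "__main__":
    print(flood(BoundedPool(size=2, wait_seconds=0.05), concurrent=5, hold_seconds=0.5))
```

A 503 should carry a Retry-After header, and the rejected counter is the metric to alarm on: a sustained non-zero rate is either a genuine capacity problem or someone deliberately exhausting the pool.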
Use of the referrer header on the error page for Crucible can enable XSS attacks
If the referrer header is manipulated and an error condition is triggered, the user will be shown the error page in FeCru, which includes the manipulated referrer value on the page as a link. The use of the referrer header value directly as the target of a hyperlink can result in the user...
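The pattern the report describes, vulnerable and hardened side by side, as an added example (not Crucible's template or any Atlassian code). The unsafe version drops the raw Referer header (the HTTP header is spelled that way) into an href; the safe version renders a back link only when the value is an http(s) URL on one of the application's own hosts and HTML-escapes it, falling back to a fixed link otherwise. The host name `fecru.example.internal` and the page markup are assumptions.

```python
import html
from urllib.parse import urlsplit


def error_page_unsafe(referer: str) -> str:
    """The reported pattern: the raw Referer header becomes the link target.
    Kept vulnerable on purpose, for contrast with error_page_safe."""
    return '<p>Something went wrong. <a href="' + referer + '">Go back</a></p>'


def safe_back_link(referer: str, allowed_hosts: frozenset) -> str:
    """Render a back link only for http(s) URLs on our own hosts, escaped.

    Rejecting non-http schemes stops javascript:/data: targets; the host
    allowlist stops redirecting the user to an attacker's site; html.escape
    stops the value breaking out of the attribute.
    """
    fallback = '<a href="/">Go back</a>'  # assumed landing page
    if not referer:
        return fallback
    try:
        parts = urlsplit(referer.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if parts.scheme.lower() not in ("http", "https"):
        return fallback
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return fallback
    return '<a href="' + html.escape(referer, quote=True) + '">Go back</a>'


def error_page_safe(referer: str, allowed_hosts=("fecru.example.internal",)) -> str:
    """Error page that never echoes an untrusted Referer as a live link target."""
    return "<p>Something went wrong. " + safe_back_link(referer, frozenset(allowed_hosts)) + "</p>"
```

Note that escaping alone is not enough: `javascript:alert(1)` survives html.escape unchanged and is still executed as a link target, which is why the scheme check comes first.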
Restrictions do not apply in calendar macro
NOTE: This bug report is tracked for Confluence Server (http://jira.atlassian.com/browse/CONFSERVER-49762) and for Confluence Cloud (http://jira.atlassian.com/browse/CONFCLOUD-49762).
Team Calendar restrictions do not apply if the calendar is in a Calendar Macro within a Confluence page. Repro steps: 1. Create a calendar. 2. Restrict it to one group. 3. Create a Confluence page with a calendar macro containing the restricted calendar. 4. View the page with a user with no permissions to...
Jira appears to disclose unprocessed server tags in the output of the Marketplace plugin
As discovered/reported by running a security scan with the Acunetix web vulnerability scanner on our internally hosted instance of Jira, the Marketplace plugin appears to disclose ASP.NET style server tags in the output HTML. For example, appears in the HTML for the following page:...
Jira outputs a stack trace to the screen when an error is encountered
Problem: When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurred. The information is not useful to most end users, but it is not possible to hide it from them. Suggestion: To have ...
Jira outputs a stack trace to the screen when an error is encountered
When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...
Unauthenticated User can access certain pages on a private JIRA instance
When you enter the URL of a private JIRA instance in the Quick Search from the login page, you will be directed to the Issue Navigator (see attached mark2.jpg). If you click the "Status" drop-down button, you, the unauthenticated user, will be able to see the status codes (see attached mark1.jpg). If yo...
Open redirect in JIRA in HTTPS mode only
If JIRA is configured for HTTPS connections in both "redirect HTTP to HTTPS" and "HTTPS only" modes, then the following redirects are possible. This does not occur in HTTP configs. The osdestination parameter on the login.jsp page and other pages once logged in - see technical details below allow...
Processing malformed PNG by incoming mail handler causes OOM and blocks queue
NOTE: This bug report is tracked for JIRA Server (http://jira.atlassian.com/browse/JRASERVER-38028) and for JIRA Cloud (http://jira.atlassian.com/browse/JRACLOUD-38028).
There are two problems: 1. OOM; 2. incoming email processing is blocked. This looks like a similar problem to JRA-35816, fixed in atlassian-core, but the mail handler does not use atlassian-core. It affects production OnDemand, all instances. Stack trace: java.lang.OutOfMemoryError: Java heap space Dumping hea...
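One mitigation for decoder-driven memory exhaustion, added here as an example (not the JIRA mail handler's code and not atlassian-core's fix): parse only the PNG signature and IHDR chunk, compute how large the raw pixel buffer would be, and refuse to hand the bytes to an image library when that exceeds a budget or the header is malformed. Nothing in the file is decompressed, so the gate itself cannot be made to allocate. The 64 MiB budget and the header-only PNG builder used for inputs are constructed for the demo.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_DECODED_BYTES = 64 * 1024 * 1024  # constructed budget for the raw pixel buffer
_CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel


def png_header(data: bytes) -> dict:
    """Parse the 8-byte signature and the IHDR chunk, which the spec requires
    to come first. Raises ValueError on anything malformed."""
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("IHDR chunk missing or malformed")
    crc_stored = struct.unpack(">I", data[29:33])[0]
    if zlib.crc32(data[12:29]) & 0xFFFFFFFF != crc_stored:  # CRC covers type + data
        raise ValueError("IHDR CRC mismatch")
    width, height, depth, colour, comp, filt, interlace = struct.unpack(">IIBBBBB", data[16:29])
    if width == 0 or height == 0 or width > 0x7FFFFFFF or height > 0x7FFFFFFF:
        raise ValueError("dimensions out of range")
    if colour not in _CHANNELS or depth not in (1, 2, 4, 8, 16) or comp != 0 or filt != 0:
        raise ValueError("unsupported IHDR fields")
    return {"width": width, "height": height, "depth": depth,
            "colour": colour, "interlace": interlace}


def decoded_size(hdr: dict) -> int:
    """Bytes a decoder needs for the raw pixel buffer (rows rounded up to bytes)."""
    bits_per_pixel = _CHANNELS[hdr["colour"]] * hdr["depth"]
    row_bytes = (hdr["width"] * bits_per_pixel + 7) // 8
    return row_bytes * hdr["height"]


def safe_to_decode(data: bytes, budget: int = MAX_DECODED_BYTES) -> bool:
    """Gate to run before an image library sees untrusted bytes. False for a
    malformed header or for an image whose decoded size exceeds the budget; a
    mail handler should drop such an attachment and keep draining its queue."""
    try:
        return decoded_size(png_header(data)) <= budget
    except ValueError:
        return False


def make_ihdr_only_png(width: int, height: int, depth: int = 8, colour: int = 6) -> bytes:
    """Constructed test input: signature + IHDR and nothing else. Enough to
    exercise the gate; a real decoder would reject it for lacking IDAT/IEND."""
    ihdr = struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + struct.pack(">I", crc)
```

The check is necessary but not sufficient: a decoder can still be driven out of memory by other means (zlib bombs inside IDAT, ancillary chunks of absurd length), so decode attachments in a separate process or thread pool with its own memory and time limits, and make sure one failed attachment cannot stall the handler that processes the rest of the mailbox.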
Open redirect on Bamboo login page, only when configured for HTTPS connections
If Bamboo is configured for HTTPS connections, then the following happens. It does not occur when Bamboo is configured as HTTP:// Description Bamboo has an open redirect on the login page which allows redirection to external sites. The osdestination parameter on the userlogin page and other pages...
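Both the JIRA and the Bamboo reports above describe the same sink: an osdestination parameter copied into a redirect. As an added example (not JIRA's, Bamboo's or any Atlassian code), here is the unsafe form beside a validator that accepts only an absolute path on the application itself, rejecting everything a browser could read as another origin: schemes, protocol-relative `//host` values, backslashes (which browsers normalize to slashes), and control or whitespace characters. The page does not explain why the bug appears only under HTTPS, and the validator does not depend on that; the fallback path `/` is an assumption.

```python
from urllib.parse import urlsplit


def redirect_unsafe(osdestination: str) -> str:
    """The open-redirect shape: the parameter becomes the Location value as-is.
    Kept vulnerable on purpose, for contrast with redirect_safe."""
    return osdestination


def is_local_path(dest: str) -> bool:
    """True only for an absolute path on this application, e.g. /browse/ABC-1?x=1."""
    if not dest:
        return False
    if any(ord(ch) < 0x21 or ch == "\x7f" for ch in dest):
        return False  # CR/LF (header injection), leading whitespace browsers strip, etc.
    if "\\" in dest:
        return False  # browsers turn "/\evil.example" into "//evil.example"
    try:
        parts = urlsplit(dest)
    except ValueError:  # malformed IPv6 literal and similar
        return False
    if parts.scheme or parts.netloc:
        return False  # https://..., javascript:..., //evil.example, ...
    if not dest.startswith("/") or dest.startswith("//"):
        return False
    return True


def redirect_safe(osdestination: str, fallback: str = "/") -> str:
    """Location value to send: the requested path if it is local, else the fallback."""
    return osdestination if is_local_path(osdestination) else fallback
```

If the application really needs to send users to other hosts after login, replace the path-only rule with an explicit allowlist of hostnames compared against the parsed `hostname` of the destination; never compare with a string prefix, since `https://jira.example.evil` starts with `https://jira.example`.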
Self Stored Cross site scripting
NOTE: This bug report is tracked for Confluence Server (http://jira.atlassian.com/browse/CONFSERVER-47188) and for Confluence Cloud (http://jira.atlassian.com/browse/CONFCLOUD-47188).
Product: http://swag.atlassian.com Vulnerability Type: Self Stored Cross site scripting (Cross site scripting) Platform: Laptop / PC URL: https://id.atlassian.com/profile/signUp.action?continue=http://swag.atlassian.com/Login.aspx OS/Version: Windows 7 Browser: Mozilla Firefox v 28 Status: NEW...
Users getting "XSRF Security Token Missing" when Creating Issues
When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...
Confluence OnDemand dashboard - popular tab - user is shown links to pages they are restricted from viewing
Children of restricted pages do not get hidden from users who do not have permission to see the parent. Steps to reproduce: Create an unrestricted page. Create a child page, also unrestricted. Create a second user. Confirm the user can see the two new pages in their dashboard. Restrict viewing of...
Avatars appear on Activity Stream even for anonymous users
Every user, independent of privileges, is able to see entries related to users' avatar changes on the Activity Stream. It also happens for users that are not logged in. See attached image...
Any user without permission to view the page can view its label
Steps to Reproduce: 1. Create a page with user A. 2. Add a label to the page. 3. Assign page restrictions: restrict viewing to me. 4. Log in with user B; user B can see all labels, including the label of user A's page. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...