4195 matches found
Whitelist or blacklist for inline attachment display
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-32204. Currently, there are three Attachment Download Security Policies: Default, Insecure, Secure. (image: sample.png) It would be...
Whitelist or blacklist for inline attachment display
Currently, there are three Attachment Download Security Policies: Default, Insecure, Secure. (image: sample.png) It would be helpful if there were an extra option which allows the administrator to control the types of attachment that can be displayed inline...
Whitelist or blacklist for inline attachment display
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-32204. Currently, there are three Attachment Download Security Policies: Default, Insecure, Secure. (image: sample.png) It would be...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications for a page that he's restricted from viewing. If you restrict a user from viewing or editing the page through 'Tools' > 'Restrictions' and then comment on the page, the user will get a notification about it in the Workbox. Steps to...
Provide the option to temporarily lock a user account after the maximum configured login attempts
It would be very helpful to have an option to configure the maximum number of failed login attempts and a mechanism to lock/disable a user account after the maximum number of failed attempts is reached. Make the number of login attempts to be allowed configurable, and make sure that the account will be locked once th...
XSS in the view parameter of several actions
The following XSS issues were detected by a customer. /changelog?max=30&view=cru%22;alert4015891;//%22&@asv=cru /project/CR?max=30&projectKey=CR&view=all";alert3166631;//"&@asv=all /user/c30626?max=30&name=c30626&view=all";alert1287220;//"&@asv=all...
Cross Site Scripting vulnerabilities in Pickers
Currently, the confluence picker does not sanitize the input to /crowd/console/secure/pickers/displayPicker.action. Proof of concept: access the following URL in your browser with JavaScript enabled. Replace the with your Crowd URL. ...
Administrator can change avatar without establishing a Secure Administrator Session (WebSudo)
An administrator can click on the avatar of another user and change the avatar. This doesn't require the administrator user to establish a WebSudo session...
Content with inherited restrictions still appears in search results
I don't know the full story here, but there have been numerous reports on EAC now of cases where clicking on a search result gives a 'Not permitted' response. Further investigation by an admin will show that in these cases a parent or grandparent has viewing restrictions applied. It would appear...
Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured
The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection), introduced in Bamboo 5.3, causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...
Several actions vulnerable to CSRF (have websudo protection)
A number of actions in JIRA were vulnerable to CSRF as they performed no token checking. These actions are protected by websudo, which makes exploiting them impossible...
Enabling XSRF in Bamboo causes the integration with JIRA 6.1.5 to break
Steps to reproduce: install JIRA 6.1.5; install Bamboo 5.3; make sure "Enable XSRF protection" is enabled via Bamboo Admin > Security > Security Settings; integrate JIRA with Bamboo using OAuth authentication OR Basic Access OR Trusted Applications; in the JIRA UI, it will show that JIRA can't conne...
Secure Mail Archive with Space Permissions
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-31945. Mail Archives in a Space are currently not subject to any Read / View security context permissions. They are visib...
Secure Mail Archive with Space Permissions
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-31945. Mail Archives in a Space are currently not subject to any Read / View security context permissions. They are visibl...
Secure Mail Archive with Space Permissions
Mail Archives in a Space are currently not subject to any Read / View security context permissions. They are visible to all space users. REQUEST: Apply Restrict Space Permissions to the Mail Archive, with the same behavior as for Pages, restricting the ability to search or view the mail archive based on permissions. S...
Secure Mail Archive with Space Permissions
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-31944. Mail Archives in a Space are currently not subject to any Read / View security context permissions. They are visibl...
Secure Mail Archive with Space Permissions
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-31944. Mail Archives in a Space are currently not subject to any Read / View security context permissions. They are visib...
Link Text of a Space Changed for User without Space View Permission
The link text of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. Steps to reproduce: Create a Space, e.g. Space name "TEST 1 - 3" with Space key "TES", with a Homepage that has the same name as the Space name. In another public Space,...
The color of the issue security field should be configurable or black
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-36126. The color of the issue security field is red. Why? The color should be configurable or black, like other fields. I have already...
The color of the issue security field should be configurable or black
The color of the issue security field is red. Why? The color should be configurable or black, like other fields. I have already asked a question. Apparently no one knows or it is not possible. https://answers.atlassian.com/questions/222397/howto-change-color-of-issue-security-field...
The color of the issue security field should be configurable or black
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-36126. The color of the issue security field is red. Why? The color should be configurable or black, like other fields. I have already...
DOM XSS in dhtmlHistory.js when using IE
In the createIE function inside dhtmlHistory.js (https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333), the value of the fragment identifier is concatenated to create the HTML of an iframe without first...
XSS when attaching a file to an issue
Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following: - Attach a file to an issue. Its name must contain "alert'XSS'". I used a Python script to do that. - Browse to the issue and open the ALL tab under Activity. A popup should...
XSS vulnerability in 'Share a link' blueprint
Open the Create dialog - Select the "Share a Link" article - In the 'Topics' field, enter an attack string such as: alert"hello" = The script will be executed...
JIRA Workflow Step Property jira.permission.browse allows you to view issues in issue navigator
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-35917. Summary: The JIRA Workflow Step Property jira.permission.browse does not prevent you from viewing issues in the issue navigator. ...
Privilege escalation
We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...
Bamboo exposes username and password if Git checkout fails.
If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004. Create a plan that checks out a git repository using HTTPS with authentication. Run the plan. Do...
LDAP credentials are stored in plain text in database
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-31605. This information should be encrypted so that anyone with access to the database does not gain access to other...
LDAP and Active Directory credentials are stored in plain text in database
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-31605. This information should be encrypted so that anyone with access to the database does not gain access to other syste...