4195 matches found
LDAP credentials are stored in plain text in database
This information should be encrypted so that anyone with access to the database does not gain access to other systems...
LDAP and Active Directory credentials are stored in plain text in database
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-31605. This information should be encrypted so that anyone with access to the database does not gain access to other syste...
User or Group Page Security
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-31505. Option to give user or group access to a particular page with a selectable option on the particular page rather th...
User or Group Page Security
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-31505. Option to give user or group access to a particular page with a selectable option on the particular page rather tha...
User or Group Page Security
Option to give user or group access to a particular page with a selectable option on the particular page rather than having to go through all other pages individually and restricting access there as this gets incredibly difficult to manage. Maybe have a dedicated security overview page like the...
Password reset emails are unusable on Outlook Web Access
When viewing a requested password reset email in Outlook webmail a user cannot see the button representing the main required action. Screenshot attached shows text highlighted to better demonstrate the issue White text on White background. Probably an Outlook issue but I think there might be...
XSS vulnerability in JIRA description field
Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...
UploadAction.execute vulnerable to CSRF
Sub-issue from CONF-27960. UploadAction.execute upload.action does not have CSRF protection...
Missing access controls in loadattachmentversions action
The loadattachmentsversions action is accessible to any user of Confluence and returns version history information for an attachment. No access controls appear to be implemented for this action and any user of Confluence can obtain version history for any attachment, including those on pages in...
The xsrf cookie token is not a 'secure' cookie for secure('https') requests
To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...
Miscellaneous actions are vulnerable to CSRF
This issue is to track the following subset of actions from CONF-27690: StartClusterAction, execute ExternalUserConnectivityAction, execute HandleNameConflictsAction, execute FlushIndexQueueAction, execute ContentRemigrationAction, execute...
CSRF in saveeditpagebean.action
EditPageAction, doSaveEditPageBean...
doeditdefaultspacepermissions.action vulnerable to CSRF
EditSpacePermissionDefaultsAction, execute...
CSRF in resetstylesheet.action
SpaceEditStylesheetAction.doReset EditStylesheetAction.doReset...
Confluence notifications generated on jira issues no longer readable
A user created a ticket in jira, which was moved to another section, where the creator of the ticket has no rights. But the creator received a notification in confluence about a new comment on the ticket, which he was no longer able to read, and the comment was quoted in confluence. I think, this is a...
XSS in reorder panel
To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...
XSS in Hot Referrers
To reproduce: 1. Run the following command, replacing \PAGEURL with the URL of a new page and \USERNAME and \PASSWORD with your credentials if anonymous access is not enabled: code:none curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si code 2. Repeat step 1 a few...
Jira is logging SOAP body in default config - passwords included
In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config...
Doconfiguretheme action accessible to non-administrative users
The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence including anonymous users, if anonymous use of Confluence is allowed. If this action is executed with no...
User lister action has no cross-site request forgery (XSRF) protection
Confluence allows an administrator to configure the groups which will not be allowed for member listing by the userlister macro. The doconfigure action that implements this functionality is vulnerable to cross-site request forgery XSRF. An attacker who exploited this vulnerability could cause the...