4195 matches found
Reflected XSS in 'where' param of doSearchSite
Olivier Beg reported: "https://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3E I assume it is DOM based because it works in Google Chrome." This results in code:html co...
Persistent XSS in Username field
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46732. The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" fo...
Persistent XSS in Username field
The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" for HTML output. Known vulnerability points: When viewing a user's activity stream on their profile page When viewing the site-wide activity stream in the Administrative UI This...
Persistent XSS in Username field
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46732. The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" f...
XSS attack in macro rendering preview
Example: insert the lorem ipsum macro, edit the macro in the lightbox and press preview, then alter the POST request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, */*; q=0.01 Origin: https://test.foo.com...
XSS in doconfigurerssfeed.action
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-30240. Filed by vosipov on behalf of write.muhammadwaqar. code...
XSS in doconfigurerssfeed.action
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-30240. Filed by vosipov on behalf of write.muhammadwaqar. code...
XSS in doconfigurerssfeed.action
Filed by vosipov on behalf of write.muhammadwaqar. code...
Force password reset for all users
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-30236. Administrators should have an easy way to force users to change passwords in bulk format in emergencies. Has this...
Force password reset for all users
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-30236. Administrators should have an easy way to force users to change passwords in bulk format in emergencies. Has this...
Force password reset for all users
Administrators should have an easy way to force users to change passwords in bulk format in emergencies. Has this been discussed as a possible feature? Are there drawbacks to having a mass password reset force in administration? Would setting password expiration to 1 day expire all passwords in 2...
Reflected XSS in JIRA Admin Panel (Delete User)
The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary HTML/script execution. A URL to demonstrate this issue is:...
OGNL double evaluation in atlassian-xwork
We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...
XSS Vulnerability in About Me field
Steps to reproduce: In id.atlassian.com, add to your About me: console.log' +++++ Hi Dennis ++++++'; Save & check in your answers profile - the JS will appear in the browser console. [email protected] can you do me a favor and give every profile field a once-over?...
XSS Vulnerability in About Me field
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46695. Steps to reproduce: In id.atlassian.com, add to your About me: console.log' +++++ Hi Dennis ++++++'; Save...
XSS Vulnerability in About Me field
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46695. Steps to reproduce: In id.atlassian.com, add to your About me: console.log' +++++ Hi Dennis ++++++'; Sav...
Better error handling when changing password with LDAP connected
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-34098. When configuring JIRA to connect to an LDAP directory with Read/Write permission, users could encounter an error such as the following...
Better error handling when changing password with LDAP connected
When configuring JIRA to connect to an LDAP directory with Read/Write permission, users could encounter an error such as the following when trying to change their password. This error is thrown when the LDAP directory has certain password restrictions and the user inputs a password which does no...
Better error handling when changing password with LDAP connected
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-34098. When configuring JIRA to connect to an LDAP directory with Read/Write permission, users could encounter an error such as the following...
XSS Vulnerability - delete filter confirmation
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-34074. Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choose...
XSS Vulnerability - delete filter confirmation
Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choose "Save as", enter "alertdocument.cookie for the name. 3. Delete the filter. See attached screenshots...
XSS Vulnerability - delete filter confirmation
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report: http://jira.atlassian.com/browse/JRASERVER-34074. Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choos...
Page Properties Report showing restricted items
Pages using the Page Properties control that are restricted, still display in a page with the Page Properties Report control when they should not. To clarify: A page with the Page Properties Report control that is unrestricted, shows all of the relevant pages within it. However a few of the pages...
XSS vulnerabilities in Atlassian Answers
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-47042. Some users seem to be trying an XSS attack on Atlassian Answers. Steps to replicate: Go to the top pag...
XSS vulnerabilities in Atlassian Answers
Some users seem to be trying an XSS attack on Atlassian Answers. Steps to replicate: Go to the top page https://answers.atlassian.com/. Choose "Browse", "Users" and "Sort By Username"; an alert dialogue box will then appear...
XSS vulnerabilities in Atlassian Answers
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47042. Some users seem to be trying an XSS attack on Atlassian Answers. Steps to replicate: Go to the top page...
Restricted Work Log entries show in the Activity Stream in JIRA Server
Summary: When using group comment visibility on worklogs, the restriction is not applied in the Activity Stream. Steps to Reproduce: Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...
Crowd OpenID server does not enforce profile ownership for viewing
Similar to CWD-3465, it seems that profile ownership is not enforced for viewing. That is, a non-admin user called Mallory can view Alice's profile information if Mallory obtains Alice's profileId number. For example, https://openid.atlassian.com/secure/profile/editprofiles.action?profileID=15240744...
Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access
Able to create a repository from Source Tree on a Stash project on which I do not have 'admin' access. On Stash, only admin access has the option to create repositories; however, Source Tree allows users to create a repository on a Stash project where they have only 'write' access. This is a majo...
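The two reports above (profile viewing on the Crowd OpenID server, and repository creation in Stash via Source Tree) share one root cause: an authorization decision that the UI makes is not repeated by the server that owns the resource. The following is an added example, not Atlassian code, modelling the checks a server-side handler should run regardless of which client sent the request. The users, profile IDs, project key, roles and the read/write/admin permission model are assumptions.

```javascript
// Added example (not Atlassian's code). Models server-side authorization for
// the two reports above. All users, IDs, roles and the role hierarchy are
// assumptions made for illustration.

// Constructed data: profileID -> profile record.
const profiles = new Map([
  [15240744, { owner: 'alice', email: 'alice@example.test' }],
  [15240745, { owner: 'mallory', email: 'mallory@example.test' }],
]);

// Constructed site accounts; only 'root' is a site administrator.
const users = new Map([
  ['alice', { admin: false }],
  ['bob', { admin: false }],
  ['mallory', { admin: false }],
  ['root', { admin: true }],
]);

// Constructed project permissions: projectKey -> (username -> role).
// Assumed Stash-like hierarchy: read < write < admin.
const projectRoles = new Map([
  ['PROJ', new Map([['alice', 'write'], ['bob', 'admin']])],
]);
const ROLE_RANK = { read: 1, write: 2, admin: 3 };

function hasProjectRole(username, projectKey, required) {
  const roles = projectRoles.get(projectKey);
  const held = roles ? roles.get(username) : undefined;
  return held !== undefined && ROLE_RANK[held] >= ROLE_RANK[required];
}

// Ownership check for the profile view: only the owner or a site admin may
// read it. "No such profile" and "not yours" both return 404 so that a client
// guessing profileID values cannot tell which IDs exist.
function viewProfile(actor, profileId) {
  const user = users.get(actor);
  if (!user) return { status: 401 };
  const id = Number(profileId);            // query parameters arrive as strings
  const profile = profiles.get(id);
  if (!profile || (profile.owner !== actor && !user.admin)) return { status: 404 };
  return { status: 200, body: profile };
}

// Repository creation: the same project-admin check runs whether the request
// came from the web UI or from a REST client such as Source Tree. Hiding the
// button in one client is not a control.
function createRepository(actor, projectKey, repoName) {
  if (!users.has(actor)) return { status: 401 };
  if (!projectRoles.has(projectKey)) return { status: 404 };
  if (!hasProjectRole(actor, projectKey, 'admin')) return { status: 403 };
  return { status: 201, body: { project: projectKey, slug: repoName.toLowerCase() } };
}

// Stand-alone demonstration of both reports' scenarios.
console.log(viewProfile('mallory', '15240744').status);      // Mallory reading Alice's profile
console.log(createRepository('alice', 'PROJ', 'NewRepo').status); // write-only user creating a repo
```

The point of the 404-for-both choice in viewProfile is that a profileID is a sequential integer in the report, so an "access denied" that differs from "not found" would still let Mallory enumerate which IDs are live.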
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46719. Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46719. Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
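The XSS reports in this listing (the reflected 'where' parameter in doSearchSite, the username "marked safe" in the activity stream, the 'name' param in deleteuserconfirm.jsp, the delete-filter name, and the un-encoded display name on user hover) all reduce to one mistake: a user-controlled string reaches HTML without encoding for the context it lands in. The following is an added example, not code from Atlassian or from any of the reporters; the template fragments, the escaping helper and the payloads are constructed to show the attribute-context and text-context cases side by side.

```javascript
// Added example (not Atlassian's code). Shows the raw-interpolation bug behind
// the XSS reports above and the context-appropriate fix. Templates, payloads
// and usernames are constructed for illustration.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text content or a quoted attribute value.
// Not sufficient on its own for JavaScript, URL or CSS contexts, nor for
// unquoted attributes; those need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Reflected case (the 'where' search parameter): the value is placed inside a
// double-quoted attribute. A '"' in the input closes the attribute and a '>'
// closes the tag, so everything after it is parsed as new markup.
function renderWhereInputUnsafe(where) {
  return '<input type="hidden" name="where" value="' + where + '">';
}
function renderWhereInputSafe(where) {
  return '<input type="hidden" name="where" value="' + escapeHtml(where) + '">';
}

// Persistent case (username in an activity stream). `markedSafe` mimics the
// bug described in the reports: the template treats the stored value as
// already-safe HTML and skips the encoder.
function renderActivityItem(username, markedSafe) {
  const shown = markedSafe ? username : escapeHtml(username);
  return '<li class="activity-item"><span class="user">' + shown + '</span> edited a page</li>';
}

// Test-time check, not a sanitizer: a template contains a fixed number of
// start tags, so any extra one was created by the interpolated value.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed payloads in the shape of the ones in the reports.
const CONSTRUCTED_WHERE = 'confall"><img src=x onerror=alert(1)>';
const CONSTRUCTED_USERNAME = '<svg onload=alert(1)>mallory';

console.log(countStartTags(renderWhereInputUnsafe(CONSTRUCTED_WHERE)));   // 2: the <img> escaped the attribute
console.log(countStartTags(renderWhereInputSafe(CONSTRUCTED_WHERE)));     // 1: only the <input>
console.log(countStartTags(renderActivityItem(CONSTRUCTED_USERNAME, true)));  // 3: <svg> injected
console.log(countStartTags(renderActivityItem(CONSTRUCTED_USERNAME, false))); // 2
```

The "marked safe" flag is the part worth noticing: every report here involves a value that was trusted once (a stored username, a saved filter name, an Atlassian ID display name) and then rendered in a second place without the encoding the first place applied. Encode at the point of output, per context, and never carry a "safe" mark across rendering contexts.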