4195 matches found
SQL injection in DefaultReferralManager
In confluence-core/confluence/src/java/com/atlassian/confluence/links/DefaultReferralManager.java, the deleteReferrersWithPrefix method of the DefaultReferralManager class is vulnerable to SQL injection through the user-controlled 'prefix' parameter. It is possible to exploit this issue as an Admin...
Session-timeout not being respected
As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...
Persistent XSS in the removepage.action page through the title of the parent page being deleted
The parent title of a Confluence page is not HTML-encoded when displayed in removepage.action; this results in a persistent XSS vector. Steps to reproduce: 1. Add a page with a title of "" alert3; 2. From the Add menu select "Add page" so it is a child of the first page 3. Save the new page child ...
Accidental XSRF and DoS consumption-of-space issue
We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vulnerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...
rememberme cookie is not cleared when user changes password in Confluence
When a user changes their password, the seraph cookie is still valid. To avoid this, all entries for the changed user in the table remembermetoken should be removed...
User email showing in suggestions section with visibility set to hidden
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-29690. Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: Emai...
User email showing in suggestions section with visibility set to hidden
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report: http://jira.atlassian.com/browse/JRASERVER-29690. Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: Ema...
User email showing in suggestions section with visibility set to hidden
Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: 1. Email Visibility set to show user emails 2. Assign issue to test user 3. Set Email Visibility to Hidden 4. Go to assign issue and search for user in the Assignee field Previous...
Group Picker Should Not Listed All Groups
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-26600. Confluence will display all groups registered on it when users access any group picker and put value as its search...
Group Picker Should Not Listed All Groups
Confluence will display all groups registered on it when users access any group picker and put value as its search parameter. This is not a good implementation from security point of view as normal users would be able to see the whole groups. It would be better if group picker listed only the...
Group Picker Should Not Listed All Groups
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-26600. Confluence will display all groups registered on it when users access any group picker and put value as its search...
XSS vulnerability in chart saving
1. Create a new dashboard with the name alert"XSS" 2. Go to the issue navigator and perform a search 3. Choose Views - charts - Save to dashboard. This is because portal.name is unescaped in savetodashboard.vm. Tested in OnDemand and BTF...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a REST resource to look up "non-system" users which takes in a username. If the username supplied is not found, it is included in an XML error message without being XML-encoded and is thus an XSS vector. That is, and other such XML special characters are not...
Information disclosure in REST API
REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access. The former allows to enumerate all groups on a JIRA instance by sending multiple queries as results are limited by jira.ajax.autocomplete.limit. We've verified this on an instance without any...
The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-29640. We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side inpu...
The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter
We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side input validation where applicable. Special characters should be stripped out during the validation process. The following special characters should be stripped out if...
The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-29640. We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side input...
The application should return caching directives instructing browsers not to store local copies of any sensitive data.
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-29625. We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...
The application should return caching directives instructing browsers not to store local copies of any sensitive data.
We want to control the server's caching directives from within individual scripts. We have identified following locations, where we can provide HTTP headers 'Cache-control: no-store' and 'Pragma: no-cache'. Please provide these response headers to the following identified locations and to all oth...
The application should return caching directives instructing browsers not to store local copies of any sensitive data.
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-29625. We want to control the server's caching directives from within individual scripts. We have identified following locations, where...
Provide HTTP headers for the content that absolutely must not be cached on the client
We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...
Provide HTTP headers for the content that absolutely must not be cached on the client
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-29598. We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...
Provide HTTP headers for the content that absolutely must not be cached on the client
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-29598. We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...
Turning off Anti-XSRF protection for comments has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off (verified that the setting is saved in the BANDANA table), adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...
Session expiry pages may echo password in clear text
The "session expiry" and "XSRF token missing" pages will echo any submitted values. This may result in echoing the submitted password to the page in plain text if triggered on the WebSudo authentication page. Modify the error pages sessionexpired.jsp and xsrfmissing.jsp so they don't echo...
Inherit Edit Restrictions for Child Pages
As it says in the Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions): 'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editing of pages. See...
Inherit Edit Restrictions for Child Pages
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-26446. As it says in the Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions):...
Inherit Edit Restrictions for Child Pages
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-26446. As it says in the Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions):...
Session ID and remember me cookie should expire when LDAP user password is changed
Steps to reproduce: 1. Login as a normal Confluence user 2. In another browser or in incognito mode, login as system administrator 3. Go to Confluence Admin Manage Users and click on the user 4. Click Set Password and set a different password for this user 5. Refresh the page and the user can still access the pa...