4195 matches found
'/users/userpicker.action' exposes users loginids and full names in instance with anonymous access enabled
"LDAP directory users and groups exposed via the /users/userpicker.action. There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior." The second exposed function that is part of this vulnerability is...
The vulnerability exists in the standalone and also in the online demonstration environment.
It is possible to anonymously enumerate all usernames via the script at /rest/prototype/1/search/user.json?max-results=10&query=XX. The 'query' GET parameter should contain at least two characters. It is possible to enumerate all usernames by performing a search from 'query' value 'aa' to 'zz'...
admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.
admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'
admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/migratelocalgroups.jsp Atlassian Local Group Migration Recovery lacks an XSRF token to run the migration
admin/migratelocalgroups.jsp Atlassian Local Group Migration Recovery does not require a csrf token to run the migration. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/dev/shortcuts.jsp lacks an XSRF token to alter installed/configured shortcuts
admin/dev/shortcuts.jsp does not require a csrf token to alter installed/configured shortcuts...
admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.
admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and or javascript into a confluence instance through a csrf attack on an admin user...
admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"
admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/osuser2atluser.jsp lacks an XSRF token to perform user transfer operations
e.g. http://localhost:8090/admin/osuser2atluser.jsp?migrate=start&transferGroupMembership=true and http://localhost:8090/admin/osuser2atluser.jsp?migrate=start When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF...
admin/fixCaseInSpacePermissions.jsp lacks an XSRF token to 'fix the case of your space permissions'
admin/fixCaseInSpacePermissions.jsp does not require a csrf token to 'fix the case of your space permissions'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token
In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...
Confluence does not respect HTTPS in Server Base URL when 301 redirecting
We have Confluence set up behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...
Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-25189. When the Confluence ancestor (CONFANCESTORS) table gets out of sync or corrupted, Page View restrictions are not inherited...
Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync
When the Confluence ancestor (CONFANCESTORS) table gets out of sync or corrupted, Page View restrictions are not inherited by the child pages. This might be quite random, as in not every child page is affected. IMHO, we should have CONF-25188 implemented to help this out. Workaround: Please follow...
Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-25189. When the Confluence ancestor (CONFANCESTORS) table gets out of sync or corrupted, Page View restrictions are not inherite...
deletion of a comment with a security setting sends a notification to all watchers and the history tab
As a non-atlassian developer, I saw a deletion notification for a comment that I was restricted from viewing. That seems like a security leak. It would be annoying if we're trying to hide discussion from certain users for them to see that the discussion is happening at all, it would raise questio...
/secure/admin/jira/AcknowledgeTask.jspa is an open redirect
The AcknowledgeTask.jspa page found under http://$HOST/secure/admin/jira/AcknowledgeTask.jspa can be used to redirect users to another page on the internet and possibly used to create a non-persistent xss flaw. Here is an example url which will direct a user to http://google.com...
XML Vulnerability in Confluence
We have identified and fixed a vulnerability in Confluence that results from the way third-party XML parsers are used in Confluence. This vulnerability allows an attacker to: Execute denial of service attacks against the Confluence server, or Read all local files readable to the system user under...
XML Vulnerability in JIRA
We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server. All versions of JIRA up to and including...
Improve the default SSL cipherset in standalone JIRA setup
We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions would be helpful...
Improve the default SSL cipherset in standalone JIRA setup
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-27681. We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions wou...
Improve the default SSL cipherset in standalone JIRA setup
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-27681. We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions woul...
XML Vulnerability in Crowd
We have identified and fixed a vulnerability in Crowd that results from the way XML parsers are used. This vulnerability allows an attacker to: Execute denial of service attacks against the Crowd server, or Read all local files readable to the system user under which Crowd runs. All versions of...
Bamboo XML Vulnerability
We have identified and fixed a vulnerability in Bamboo that results from the way third-party XML parsers are used in Bamboo. This vulnerability allows an attacker to: Execute denial of service attacks against the Bamboo server, and Read all local files readable to the system user under which Bamb...
Disable browser password save on Admin page in Firefox
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-25008. In Chrome, Safari and IE there is no browser prompt to store the password but on Firefox both Mac and Windows I get...