4195 matches found
Require user to answer CAPTCHA after three failed attempts
Require user to answer CAPTCHA after three failed attempts. For SOAP and XMLRPC this means that the user will have to open a browser to answer the CAPTCHA, similar to how Google does it. This issue has been rated MODERATE. Please refer to http://confluence.atlassian.com/x/ZILmD for details on oth...
The list of Confluence administrators is accessible via a URL
Confluence exposes a list of the administrators. This issue corrects this by removing the list and providing the user with a form that can be used to send e-mail to all the relevant administrators on the user's behalf...
Remove the download link for XML site backups
Currently Confluence allows easy download of XML site backups. This could be considered a security risk. This issue introduces a flag in the Confluencecfg.xml that allows system administrators to turn this feature on or off. By default it is off meaning that the link will not be displayed. The fl...
Mail support request accepts any e-mail address
The SupportUtility allows the user to enter an arbitrary e-mail address to send a copy of the e-mail to. This issue removes the option for users to enter an e-mail address to CC. This issue also introduces a flag that prevents the TO address from being changed through the web interface. By defaul...
Anonymise config files in support zip
Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...
Not all error strings are encoded
An XSS vulnerability where a string could bypass the Anti-XSS mechanism has been identified. This issue corrects this problem. The severity of this issue is rated as LOW. Please see http://confluence.atlassian.com/x/ZILmD for information on other security related issues and our rating system...
Possible XSS injection in attachment upload
An XSS vulnerability has been identified in attachment upload. The severity of this issue has been rated HIGH. Please refer to the security advisory at http://confluence.atlassian.com/x/ZILmD for information on how we rate issues...
JIRA is vulnerable to clickjacking attacks
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion at http://jira.atlassian.com/browse/JRASERVER-21101. A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of a...
JIRA is vulnerable to clickjacking attacks
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion at http://jira.atlassian.com/browse/JRACLOUD-21101. A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of an...
JIRA is vulnerable to clickjacking attacks
A clickjacking attack on JIRA would most likely take the form of a third-party site, containing an invisible iframe on top of an unrelated page. The iframe would contain a page in JIRA. The victim would believe he was clicking on the other site but would actually be clicking in JIRA and performin...
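The defence against the attack described in these three issues is a response header that tells the browser who may frame the page. The following is an added example, not JIRA's own code: it implements the decision rule browsers apply (a Content-Security-Policy `frame-ancestors` directive wins over `X-Frame-Options`; `X-Frame-Options: DENY`/`SAMEORIGIN` applies otherwise; with neither header the page is framable from anywhere, which is the clickjacking condition) so you can check a captured response against a hypothetical attacker origin. The origins `jira.example`, `evil.example` and the header sets are constructed for illustration.

```python
"""Decide whether a browser would let a page be framed, from its response headers.

Added example, not JIRA's code. Origins and headers used below are constructed.
"""
from urllib.parse import urlsplit


def _origin(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _frame_ancestors(csp: str):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            return value.split()
    return None


def _source_matches(src: str, framer: str, page: str) -> bool:
    """Match one frame-ancestors source expression against the framing origin."""
    s = src.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return framer == page
    if s == "*":
        return True
    if "://" not in s:                      # host source without scheme inherits the framer's scheme
        s = framer.partition("://")[0] + "://" + s
    scheme, _, host = s.partition("://")
    fscheme, _, fhost = framer.partition("://")
    if scheme != fscheme:
        return False
    if host.startswith("*."):               # wildcard: any subdomain of .example
        return fhost.endswith(host[1:])
    return host == fhost


def can_be_framed(headers: dict, page_url: str, framer_url: str) -> bool:
    """True if a page served with `headers` at page_url can be framed by framer_url."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_url), _origin(framer_url)
    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = _frame_ancestors(csp)
        if ancestors is not None:           # CSP frame-ancestors takes precedence over XFO
            return any(_source_matches(s, framer, page) for s in ancestors)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # Missing, malformed, or the obsolete ALLOW-FROM (ignored by current browsers):
    # no protection, the page can be framed by any third-party site.
    return True


def anti_clickjacking_headers() -> dict:
    """Headers to send on every HTML response: XFO for old browsers, CSP for current ones."""
    return {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "frame-ancestors 'self'",
    }


if __name__ == "__main__":
    page = "https://jira.example/browse/ABC-1"
    attacker = "https://evil.example/fake.html"
    print("unprotected framable:", can_be_framed({}, page, attacker))
    print("protected framable:  ", can_be_framed(anti_clickjacking_headers(), page, attacker))
```

Send both headers: `frame-ancestors` is the authoritative control in current browsers, while `X-Frame-Options: SAMEORIGIN` still covers older ones that ignore CSP. Note that a CSP without a `frame-ancestors` directive does not restrict framing at all, which is why the check above falls back to `X-Frame-Options` in that case.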
XSS vulnerability in Colour Scheme settings
An XSS vulnerability has been discovered in the Colour Scheme settings. The severity of this issue is rated as HIGH. Please refer to the security advisory http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2010-04-x for details...
XSS vulnerability in search
An XSS vulnerability has been found in the searching component of Confluence...
XSS Bookmark vulnerabilities
The Add bookmark page is vulnerable to XSS attacks...
brute force password attack protection by default
We have added an upgrade task to set jira.maximum.authentication.attempts.allowed=5 on all instances, even if they had previously set it to something else. This is to ensure that systems are safer by default...
Group picker popup JSP has XSS hole if group names are XSS shaped
If a group has an XSS-shaped name, the group picker will allow scripts to be executed...
Brute force protection on JIRA 4.1 leaks valid account names
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion at http://jira.atlassian.com/browse/JRACLOUD-21036. The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to...
Brute force protection on JIRA 4.1 leaks valid account names
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion at http://jira.atlassian.com/browse/JRASERVER-21036. The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker t...
Brute force protection on JIRA 4.1 leaks valid account names
The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to harvest a list of valid logins on the system. The brute force login protection should activate when either the login or the password is wrong...
The current CAPTCHA implementation may not be secure
The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...
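The three login issues above (CAPTCHA after a fixed number of failures, failure counting that only fires for real accounts, and a CAPTCHA error that differs from a password error) share one root cause: the login path behaves differently depending on whether the account exists or which factor was wrong. The following is an added example, not JIRA's or Confluence's code, showing a login service that closes all three gaps at once: failures are counted per submitted username whether or not it exists, a CAPTCHA is demanded once the counter reaches `MAX_ATTEMPTS` (mirroring `jira.maximum.authentication.attempts.allowed=5`), unknown users are run through the same password hashing so timing does not reveal them, and every failure returns one message. The `LoginService` class, the plaintext test users and the injected `captcha_verifier` callable are constructed for illustration.

```python
"""Login throttling that treats unknown users, wrong passwords and wrong CAPTCHAs alike.

Added example, not Atlassian code. The password store and CAPTCHA verifier are stand-ins.
"""
import hashlib
import hmac
import os
from collections import defaultdict

MAX_ATTEMPTS = 5          # mirrors jira.maximum.authentication.attempts.allowed
GENERIC_FAILURE = "Login failed. Check your username, password and CAPTCHA."


def _digest(password: str, salt: bytes) -> bytes:
    # Low iteration count only so the example runs quickly; use far more in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class LoginService:
    def __init__(self, users: dict, captcha_verifier):
        # users maps username -> plaintext password (constructed test data only).
        self._creds = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._creds[name] = (salt, _digest(pw, salt))
        # A dummy credential so unknown usernames cost the same as real ones;
        # otherwise response time would reveal whether the account exists.
        salt = os.urandom(16)
        self._dummy = (salt, _digest(os.urandom(16).hex(), salt))
        self._captcha_ok = captcha_verifier      # callable(answer) -> bool, assumed external
        self.failures = defaultdict(int)         # keyed by submitted username, real or not

    def captcha_required(self, username: str) -> bool:
        return self.failures[username] >= MAX_ATTEMPTS

    def _fail(self, username: str):
        self.failures[username] += 1
        return False, GENERIC_FAILURE

    def login(self, username: str, password: str, captcha_answer=None):
        # 1. Once the counter has tripped, the CAPTCHA gate is checked first, and a
        #    wrong or missing answer gets exactly the same message as a wrong password.
        if self.captcha_required(username) and not (
            captcha_answer is not None and self._captcha_ok(captcha_answer)
        ):
            return self._fail(username)
        # 2. Always run the password check, even for unknown users (constant work).
        salt, expected = self._creds.get(username, self._dummy)
        password_ok = hmac.compare_digest(_digest(password, salt), expected)
        if username not in self._creds or not password_ok:
            # 3. Counted for unknown usernames too, so "does the CAPTCHA ever appear
            #    for this name?" no longer tells an attacker whether the account exists.
            return self._fail(username)
        self.failures.pop(username, None)
        return True, "ok"


if __name__ == "__main__":
    svc = LoginService({"alice": "correct horse battery"}, captcha_verifier=lambda a: a == "ok")
    print(svc.login("alice", "wrong"))      # (False, GENERIC_FAILURE)
    print(svc.login("nobody", "wrong"))     # identical tuple for a nonexistent user
```

Keying the counter by the submitted name rather than by a resolved user record is the whole fix for the enumeration issue; if the store only has a row to increment for real accounts, the absence of a CAPTCHA is itself the oracle. The single message also covers the SOAP/XML-RPC case: a client that is told only "login failed" must fall back to the browser flow regardless of which factor was wrong.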
500page.jsp contains HTTP Header XSS vulnerability
The 500page.jsp contains an XSS vulnerability via the 'Referer' HTTP header...
screenshot-redirecter.jsp XSS attack via the afterURL parameter
The screenshot-redirector.jsp does not escape the 'afterURL' URL parameter correctly, leading to an XSS attack vector...
issuelinkssmall.jsp has an XSS hole via the URL used to access it
The issuelinkssmall.jsp has an XSS hole: if the request URL contains an XSS string, the ww:url tag echoes the current URL, including that string, into the page because its value attribute was left empty...
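The four reflected-XSS entries above (the Referer header on the error page, the group name in the picker, the afterURL redirect parameter, and the ww:url tag echoing the request URL) are all the same mistake in different output contexts: request-controlled text written into HTML without encoding for the place it lands. The following is an added example, not JIRA's code, in Python rather than JSP, showing the vulnerable pattern next to the fixed one for each context: HTML-escape for text and attribute positions, validate a redirect target as a same-site path rather than only escaping it (escaping does nothing against a `javascript:` URL), and rebuild a self-link from known parameters instead of echoing the raw request URI. The function names, the page path `/secure/IssueLinks.jspa` and the payloads are constructed for illustration.

```python
"""Context-aware output encoding for request data reflected into HTML.

Added example, not JIRA's code; paths, function names and payloads are constructed.
"""
import html
from urllib.parse import urlencode, urlsplit


def render_error_page_vulnerable(referer: str) -> str:
    # 500page.jsp-style bug: the header value is inserted verbatim into markup.
    return f'<p>Go back to <a href="{referer}">{referer}</a></p>'


def render_error_page(referer: str) -> str:
    # Fixed: escape for both the attribute and the text context. html.escape
    # encodes < > & and, by default, both quote characters.
    safe = html.escape(referer)
    return f'<p>Go back to <a href="{safe}">{safe}</a></p>'


def render_group_option(group_name: str) -> str:
    # Group picker: an XSS-shaped group name is just data once it is encoded,
    # so a value such as  admins" onmouseover="alert(1)  cannot break the attribute.
    safe = html.escape(group_name)
    return f'<option value="{safe}">{safe}</option>'


def safe_after_url(after_url: str, default: str = "/") -> str:
    """Accept only a same-site absolute path as a redirect target, else fall back.

    Escaping alone is not enough for a URL context: 'javascript:alert(1)' is
    harmless as text but still executes as an href. Scheme-relative (//host)
    and backslash forms (/\\host, normalised to //host by browsers) are open
    redirects, so they are rejected too.
    """
    parts = urlsplit(after_url)
    if parts.scheme or parts.netloc or "\\" in after_url:
        return default
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    return after_url


def render_redirect(after_url: str) -> str:
    # screenshot-redirector-style page: validate, then escape for the attribute.
    target = html.escape(safe_after_url(after_url))
    return f'<meta http-equiv="refresh" content="0;url={target}">'


def self_link(path: str, params: dict) -> str:
    # Instead of echoing the raw request URI (a ww:url tag with an empty value),
    # rebuild the link from the parameters the page actually needs: URL-encode
    # the query string, then HTML-escape the result for the attribute.
    return html.escape(f"{path}?{urlencode(params)}")


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'
    print(render_error_page_vulnerable(payload))
    print(render_error_page(payload))
    print(render_redirect("javascript:alert(1)"))
    print(self_link("/secure/IssueLinks.jspa", {"id": "10001", "q": "<b>"}))
```

The ordering in `self_link` matters: URL-encoding happens first so the query is a valid URL, and HTML-escaping happens last so the `&` separators become `&amp;` in the attribute. Reversing the two would leave `<` and `"` encoded as `%3C`/`%22` in the URL but emit a raw `&` into the markup, which is harmless here but is the kind of inconsistency that lets a later change reopen the hole.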