4195 matches found
XSS vulnerability in social bookmarking plugin bundled in Confluence
The social bookmarking plugin is bundled in Confluence 2.7.x and Confluence 2.6.x. As such, this vulnerability affects all 2.7.x and 2.6.x instances even if you do not use the plugin or do not have the Add Bookmark Web Item enabled. The updatebookmark.action URL is vulnerable on these parameters: ...
XSS vulnerability in browseusers.vm
browseusers.vm does not escape usernames...
XSS vulnerabilities in insert image and link actions
In 2.7.x, the following URLs are vulnerable: - /users/insertlink.action - /users/insertlink-page-attachmentstab.action - /users/insertlink-page-uploadfile.action - /users/insertlink-draft-attachmentstab.action - /users/insertlink-draft-uploadfile.action - /users/doinsertimageinpage.action -...
XSS vulnerability in pagepicker.action and spacepagepicker.action
The following URLs are vulnerable: - /users/pagepicker.action - /users/spacepagepicker.action on formname, fieldname and currentspace. Patch instructions for 2.6.x and 2.7.x: 1. Shut down Confluence 2. Copy attached pagepicker.vm to confluence/users/ 3. Start up Confluence...
Watchers can see comments that they are not supposed to see via email notifications
We have email notifications switched on for our live version of JIRA. If you watch an issue then you receive an email each time somebody comments on that issue. This email contains information about the issue including the comment that was added. This is great as it allows people to keep up to da...
Fix the seraph.os.cookie from failing on Tomcat by upgrading atlassian-seraph
Once SER-117 has been fixed, incorporate the changes into JIRA; see the linked issue for a full description of the problem. Note that this only affects Tomcat users; Resin and Orion do not appear to be affected. User Symptoms: Users have checked the "Remember my login on this computer" checkbox al...
XSS vulnerabilities in create space action
The following URLs are vulnerable: - spaces/createspace-start.action - spaces/createspace.action on key and name parameters...
XSS vulnerabilities in create/edit/copy page and blogpost actions
The following create/edit page URLs are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId The following create/edit blogpost URLs are vulnerable: -...
username not validated in add user to favourites action
Entering a bogus username here has the unwanted side effect of adding a bogus entity to your user favourites that can't be removed...
XSS vulnerability in signup actions
Vulnerable URLs: - signup.action - dosignup.action on username, email, password, confirm, fullname...
viewuser.action has an XSS problem around username
Steps to reproduce: create a user with username: foo"alert'hello';span class="ff you should get an alert when you are redirected to viewuser.action to view the user you just created...
Users with view permissions on a space are able to delete (purge) pages they don't have permission to edit/access
If a user has at least view permissions on a space they can purge any page in that space using the URL: /pages/purgetrashitem.action?key=&contentId= and the right contentId and space key. A purge can be performed even if the page has not been marked for deletion. This issue has been replicated an...
ClassCastException reported when stopping JIRA
When stopping Tomcat, which hosts only Jira, there is always a stack trace like this in the Tomcat logs: 2008-02-18 19:25:32,767: ERROR Thread-33 - org.apache.catalina.core.ContainerBase.Catalina.localhost./jira.release - ApplicationFilterConfig.doAsPrivilege java.lang.ClassCastException:...
Separate label permissions from edit issue permission
In 3.11 the labels plugin changed so that manipulating labels required the "Edit Issue" permission. This drastically impacted our organization's workflow, as we'd just introduced labels in our previous upgrade, and we don't give "edit issues" to all users, but we do want all authenticated users to...
Trusted authentication doesn't work for Confluence users with uppercase usernames
Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...
Moving an issue from a project with Issue Security to a project without does not clear out the security
To reproduce this issue, do the following: Create Project AAA Create Project BBB Create an Issue Level Security Scheme, and assign it to AAA only Create a Clone of the Default Field Configuration Scheme. Hide the field Security Level on the Cloned copy. Assign the Cloned copy to BBB. Create a New...
Project name that contains double-quote is not properly escaped on Issue Navigator page
If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...
Different IE browser windows have different sessions and different session timeout timing
One of our users reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session; it depends on the way you log in: 1 When you log in via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...