This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This Metasploit module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the user running the Confluence server.
26d73b4952befcec0a56b50c408cd4fd4e5babeec09700eba379dfb85cf91c39
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service on port 40001 and potentially 40011. Due to a missing authentication vulnerability, attackers who can connect to the service could execute arbitrary code of their choice in Jira through deserialization. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.
1d1e7afd06b6338674555bdc5902d12019ece6717146ea1deddafa1c4ec2dfff
Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.
210e5ceb62fd144e2e3a8982f12780c0009868a791ee1c6d03db5bed99a58027
Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.
7080e92a97a87f926d87df454a396848f9491f786060cbd25b9c83577cc2efa3
Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.
9506b8cb8908b8c285b6269247edf4b6b2be0b43fcb2a0b7d2fa9067b0e39019
Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.
f74fc41b48501d9f142c1aee97abb78b90b5831e3806ca134f9a53e9580e340f
Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.
1bd78cc6d3d45eea1fb1efadb1e82ae16a452e32f277d1510a2aaea4b0c5fff9
Confluence Server versions 6.1.0 up to 6.6.16, 6.7.0 up to 6.13.7, and 6.14.0 up to 6.15.8 suffer from a file disclosure vulnerability.
63bb40486cc6b4b0d9ad286552ee4301273147e9803d97e67d4568a9f4d18289
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. Versions of Crowd and Crowd Data Center starting with version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
985c2d75d6a00aea412d56a69bb859b3edd00658270d8705e9aa0d84f96b275d
Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker who is an authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations, which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not affected by this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.
eb7fab9f199284bc9dc00a27ebbd15225692c071a07f834c3e67ddca2bd8df05
Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.
54a6bf44997071eacfb8aca90470a91c600400151badba57559e2a382f7bcf17
Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.
6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74
Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.
b0d0c095cbfecc82d058925a21b052e5cd29e36b802d25a05e5dae99f9f856dc
An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.
32eacd269abd3e89eabbc766ac7946e1762c239c4e1ea7feaf37f59de4e0886f
Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.
72579ac313380df47c8c8323c109ad9176469f5b6f3eb57353d5dbbf09343433
Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.
ba67c38eb49b7df19fab03d44e80e38c02272f017da74579304e5379d19578f7
Sourcetree for macOS versions 1.0b2 up to 2.7.0 and Sourcetree for Windows versions 0.5.1.0 up to 2.4.7.0 suffer from multiple command injection vulnerabilities.
d2c94b00ad0ef81396b3578120ab94bfa7b4948ed21552a912349549577784ea
Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.
fca84ac002b1e70651aa751b7a890b5e69d0d5a6286d654049f33496dfc1b566
Fisheye and Crucible did not check whether the name of a file in a Mercurial repository contained argument parameters. An attacker who has permission to add a repository or commit to a Mercurial repository tracked by Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.
0bd5e815725597c657d0c5a6e093eb6974e09f7a3506b05998f40a13281f58a7
Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.
5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520e
Bamboo versions prior to 5.15.7 and 6.0.1 suffer from an incorrect permission check.
f665db424dfe7878fbf9a2575c1b4a5604918b34c770adf075efc1af7356cc9e