David Black

**Nome do software vulnerável e versões afetadas: Jira Server e Data Center versões 8.5.13 e anteriores, versões 8.6.0 a 8.13.4 e versões 8.14.0 a 8.15.0 Versões 8.5.13 e anteriores do Jira Server, versões 8.6.0 a 8.13.4 e versões 8.14.0 a 8.15.0 Versões 8.5.13 e anteriores do Jira Data Center, versões 8.6.0 a 8.13.4 e versões 8.14.0 a 8.15.0 Descrição: A função de pesquisa JQL membersOf permite que invasores remotos anônimos determinem se um grupo existe e quais são os membros dos grupos, caso estejam atribuídos a campos de issues visíveis publicamente. Recomendações: Para as versões 8.5.13 e anteriores, atualize para a versão 8.5.13 ou posterior. Para as versões 8.6.0 a 8.13.4, atualize para a versão 8.13.5 ou posterior. Para as versões 8.14.0 a 8.15.0, atualize para a versão 8.15.1 ou posterior.

**Nome do software vulnerável e versões afetadas** Automation for Jira - Versões do servidor anteriores à 7.1.15 **Descrição** A vulnerabilidade permite que invasores remotos leiam e renderizem arquivos como modelos Mustache em arquivos dentro dos diretórios WEB-INF/classes e jira-installation/jira/bin, por meio de uma vulnerabilidade de injeção de modelo nos valores inteligentes do Jira que utilizam fragmentos Mustache. **Recomendações** Para versões anteriores à 7.1.15, atualize para a versão 7.1.15 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à funcionalidade de modelos Mustache nos valores inteligentes do Jira para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** JBoss Application Server versions prior to 7.1.0 Beta 1 **Description** A DOM based cross-site scripting flaw was found in the administration console of the JBoss Application Server. A remote attacker could provide a specially-crafted web page and trick a valid JBoss AS user with administrator privilege to visit it, leading to DOM environment modification and arbitrary HTML or web script execution. **Recommendations** For JBoss Application Server versions prior to 7.1.0 Beta 1, update to version 7.1.0 Beta 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JBoss Application Server versions prior to 7.1.0 **Description** A CSRF issue was found in JBoss Application Server, where it did not properly restrict access to the management console information. This can be exploited via the `Access-Control-Allow-Origin` HTTP access control flag, potentially leading to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker. **Recommendations** For JBoss Application Server versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.

Nome do Software Vulnerável e Versões Afetadas: Versões do Atlassian Jira de 7.6.4 a 8.1.0 Descrição: Existe uma vulnerabilidade CSRF devido ao formulário de login não exigir um token CSRF. Isso permite que um atacante autentique um usuário no sistema em uma conta inesperada. Recomendações: Para as versões 7.6.4 a 8.1.0 do Atlassian Jira, atualize para uma versão que inclua uma correção para este problema para prevenir ataques CSRF. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions: Application Links versions prior to 5.0.11 Application Links versions 5.1.0 through 5.2.10 Application Links versions 5.3.0 through 5.3.6 Application Links versions 5.4.0 through 5.4.12 Application Links versions 6.0.0 through 6.0.4 Confluence versions prior to 6.15.2 Crucible versions prior to 4.7.0 Crowd versions prior to 3.4.3 Fisheye versions prior to 4.7.0 Jira versions prior to 7.13.3 Jira versions 8.x prior to 8.1.0 Description: The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the `applinkStartingUrl` parameter. This affects various Atlassian products. Recommendations: For Application Links versions prior to 5.0.11, update to version 5.0.11 or later. For Application Links versions 5.1.0 through 5.2.10, update to version 5.2.10 or later. For Application Links versions 5.3.0 through 5.3.6, update to version 5.3.6 or later. For Application Links versions 5.4.0 through 5.4.12, update to version 5.4.12 or later. For Application Links versions 6.0.0 through 6.0.4, update to version 6.0.4 or later. For Confluence versions prior to 6.15.2, update to version 6.15.2 or later. For Crucible versions prior to 4.7.0, update to version 4.7.0 or later. For Crowd versions prior to 3.4.3, update to version 3.4.3 or later. For Fisheye versions prior to 4.7.0, update to version 4.7.0 or later. For Jira versions prior to 7.13.3, update to version 7.13.3 or later. For Jira versions 8.x prior to 8.1.0, update to version 8.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** Confluence Server versions 2.0.0 through 6.6.12 Confluence Server versions 6.7.0 through 6.12.3 Confluence Server versions 6.13.0 through 6.13.3 Confluence Server versions 6.14.0 through 6.14.2 Confluence Server versions 6.15.0 through 6.15.1 Confluence Data Center versions 2.0.0 through 6.6.12 Confluence Data Center versions 6.7.0 through 6.12.3 Confluence Data Center versions 6.13.0 through 6.13.3 Confluence Data Center versions 6.14.0 through 6.14.2 Confluence Data Center versions 6.15.0 through 6.15.1 **Description** A path traversal vulnerability exists in the downloadallattachments resource of Confluence Server and Data Center. This vulnerability can be exploited by a remote attacker who has permission to add attachments to pages and/or blogs, create a new space or personal space, or has 'Admin' permissions for a space. The attacker can write files to arbitrary locations, potentially leading to remote code execution on systems running a vulnerable version of Confluence Server or Data Center. **Recommendations** For Confluence Server versions 2.0.0 through 6.6.12, update to version 6.6.13 or later. For Confluence Server versions 6.7.0 through 6.12.3, update to version 6.12.4 or later. For Confluence Server versions 6.13.0 through 6.13.3, update to version 6.13.4 or later. For Confluence Server versions 6.14.0 through 6.14.2, update to version 6.14.3 or later. For Confluence Server versions 6.15.0 through 6.15.1, update to version 6.15.2 or later. For Confluence Data Center versions 2.0.0 through 6.6.12, update to version 6.6.13 or later. For Confluence Data Center versions 6.7.0 through 6.12.3, update to version 6.12.4 or later. For Confluence Data Center versions 6.13.0 through 6.13.3, update to version 6.13.4 or later. For Confluence Data Center versions 6.14.0 through 6.14.2, update to version 6.14.3 or later. For Confluence Data Center versions 6.15.0 through 6.15.1, update to version 6.15.2 or later.

Name of the Vulnerable Software and Affected Versions: atlassian-http library versions prior to 2.0.2 Description: The issue allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of `application/mathml+xml`. This affects various Atlassian products. Recommendations: For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 61 Firefox ESR versions prior to 60.1 Thunderbird versions prior to 60 **Description** The issue is related to a flaw in NPAPI plugins, such as Adobe Flash, which can bypass CORS restrictions by making a same-origin POST request that redirects to the target site, allowing for cross-site request forgery (CSRF) attacks. This can enable a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Firefox versions prior to 61, update to version 61 or later. For Firefox ESR versions prior to 60.1, update to version 60.1 or later. For Thunderbird versions prior to 60, update to version 60 or later.

Name of the Vulnerable Software and Affected Versions: Fisheye versions prior to 4.4.5 Fisheye versions 4.5.0 through 4.5.1 Crucible versions prior to 4.4.5 Crucible versions 4.5.0 through 4.5.1 Description: The issue allows for double OGNL evaluation in certain redirect actions and in WebWork URL and Anchor tags in JSP files. An attacker with access to the web interface of Fisheye or Crucible, or who hosts a website visited by a user with such access, can exploit this to execute Java code of their choice on systems running a vulnerable version. Recommendations: For Fisheye versions prior to 4.4.5, update to version 4.4.5 or later. For Fisheye versions 4.5.0 through 4.5.1, update to version 4.5.2 or later. For Crucible versions prior to 4.4.5, update to version 4.4.5 or later. For Crucible versions 4.5.0 through 4.5.1, update to version 4.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** Gajim versions prior to 0.15 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `jig` parameter in the `get last conversation lines` function located in `common/logger.py`. **Recommendations** For versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get last conversation lines` function until a patch is available. Avoid using the `jig` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gajim versions prior to 0.15 **Description** The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute, specifically through the exec command function in common/helpers.py. **Recommendations** For versions prior to 0.15, update to version 0.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenStack Nova versions prior to 2011.3.1 **Description** The issue allows remote authenticated users to overwrite arbitrary files via a crafted tarball or manifest when the EC2 API and the S3/RegisterImage image-registration method are enabled. **Recommendations** For versions prior to 2011.3.1, update to version 2011.3.1 or later to resolve the issue.