Leaking issues from linked Jira – Atlassian Confluence Server

Application Links (sometimes called “app links”) is a bundled app that allows you to set up links, share information, and provide access to certain resources or functionality across multiple Atlassian products. Linking Confluence to other applications allows you to include information from those applications in pages or blogs that you create in Confluence. For example,… Continue reading Leaking issues from linked Jira – Atlassian Confluence Server

CSRF Protection Bypass – Atlassian Confluence Server

The Server version of Atlassian Confluence comes with a built-in plugin named applinks-cors, with the following declaration in file atlassian-plugin.xml: The CorsFilter class is implemented as below: As we can see from the code, for all requests to URLs that match the defined patterns, Access-Control-Allow-Origin (ACAO) and Access-Control-Allow-Credentials (ACAC) headers will be added to the… Continue reading CSRF Protection Bypass – Atlassian Confluence Server

RCE – Telerik UI for ASP.NET AJAX (CVE-2017-9248)

Two years ago, Progress released a security advisory about a cryptographic weakness issue in Telerik UI for ASP.NET AJAX components that can result in an arbitrary file upload, allowing unauthenticated attackers to compromise vulnerable websites via uploading a webshell. CMSes that use the component, such as DotNetNuke, Sitefinity, are also affected. While the issue is… Continue reading RCE – Telerik UI for ASP.NET AJAX (CVE-2017-9248)