2017-05-23-01 XXE Out Of Band Extraction Vulnerability
| Summary | CVE-2017-7415 - XXE Out Of Band Extraction Vulnerability |
|---|---|
| Advisory Release Date | |
| Product | |
| Affected SAML SSO versions | 0.14 - 0.14.6 (including) |
| Fixed SAML SSO versions | Versions of SAML SSO equal to and above 0.14.7 contain a fix for this issue. The SAML Single Sign On (SSO) for Bitbucket Plugin is not affected. |
| CVE ID(s) | TBA |
Summary of Vulnerability
This advisory discloses a medium severity security vulnerability affecting SAML Single Sign On Plugin versions 0.14 - 0.14.6 for JIRA and Confluence.
Please upgrade your installations immediately to fix this vulnerability.
Versions before 0.14 are not affected.
Authenticated users can extract file system content from the JIRA/Confluence server via out-of-band XXE (XML External Entity) injection.
Severity
resolution rates the severity level of this vulnerability as medium, according to the CVSS specification.
Full CVSS scoring:
- Severity: Medium
- Temporal Score: 6.0
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
This is an independent assessment and you should evaluate its applicability to your own IT environment.
Description
A REST API endpoint in the Confluence and JIRA plugins parses XML responses with a DocumentBuilder whose external entity resolution is left enabled, allowing XXE attacks.
The end result is that any authenticated user can read arbitrary files from the JIRA or Confluence server's filesystem, including configuration files, passwords, etc.
Acknowledgements
This vulnerability was disclosed to us by a third-party organisation as a responsible disclosure on 22.05.2017 23:55 CET. Further credits TBD.
Fix
We have taken the following steps to address this issue:
- Released SAML Plugin Version 0.14.7 that contains a fix for this issue.
What You Need to Do
Upgrade to SAML Plugin Version 0.14.7 or higher.
Support
If you have questions or concerns regarding this advisory, please raise a support request via our Support Portal.