[BAM-8260] XSS in Bamboo User Management - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.7.4, 3.0
Affects Version/s: 2.0, (37)
2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3, 2.3.1, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7, 2.7.1, 2.7.2, 2.7.3
Component/s: None
Labels:
- advisory

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a cross-site scripting (XSS) vulnerability in Bamboo's User Management pages. This affects Bamboo versions 1.0 to 2.7.3.

An attacker might take advantage of an XSS vulnerability to steal the current session of a logged-in user.
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Bamboo page. An attacker's text and script might be displayed to other people viewing the page.

This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/rAP5FQ

We recommend you to upgrade your Bamboo installation.

You can read more about XSS attacks at cgisecurity, CERT and other places on the web:

There are no comments yet on this issue.

Assignee:: VitalyA

Reporter:: Andrew

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 15/Mar/2011 11:29 PM

Updated:: 19/Aug/2019 2:03 AM

Resolved:: 15/Mar/2011 11:32 PM