
XSS vulnerability in /agent/configureAgents resource

      We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo configureAgents resource.

      This issue is reported in our security advisory on this page:
      https://confluence.atlassian.com/x/rQP5FQ

      You can read more about XSS attacks at:

      http://www.cgisecurity.com/xss-faq.html
      http://www.cert.org/advisories/CA-2000-02.html

            [BAM-10028] XSS vulnerability in /agent/configureAgents resource

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2016 v1 - Restricted [ 1435407 ] New: JAC Bug Workflow v3 [ 3379505 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: Bamboo Workflow 2016 v1 [ 1410106 ] New: Bamboo Workflow 2016 v1 - Restricted [ 1435407 ]
            Marek Went (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2014 v2 [ 610384 ] New: Bamboo Workflow 2016 v1 [ 1410106 ]
            Security Metrics Bot made changes -
            Labels Original: advisory security New: advisory cvss-high security
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2014 [ 593053 ] New: Bamboo Workflow 2014 v2 [ 610384 ]
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2010 [ 351514 ] New: Bamboo Workflow 2014 [ 593053 ]
            David Black made changes -
            Description Original: We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo configureAgents resource.

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/lwH6Dw

            You can read more about XSS attacks at:

                http://www.cgisecurity.com/xss-faq.html
                http://www.cert.org/advisories/CA-2000-02.html
            New: We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo configureAgents resource.

            This issue is reported in our security advisory on this page:
            https://confluence.atlassian.com/x/rQP5FQ

            You can read more about XSS attacks at:

                http://www.cgisecurity.com/xss-faq.html
                http://www.cert.org/advisories/CA-2000-02.html
            paulwatson (Inactive) made changes -
            Security Original: Reporters and Developers [ 10070 ]
            VitalyA made changes -
            Labels New: advisory security
            VitalyA made changes -
            Description Original: We have identified and fixed a cross-site scripting (XSS) vulnerability in the Bamboo /agent/configureAgents resource.

            * An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server.
            * An attacker's text and script might be displayed to other people viewing the Bamboo page. This is potentially damaging to your company's reputation.

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/lwH6Dw

            You can read more about XSS attacks at cgisecurity, CERT and other places on the web:

            * http://www.cgisecurity.com/xss-faq.html
            * http://www.cert.org/advisories/CA-2000-02.html

            New: We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo configureAgents resource.

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/lwH6Dw

            You can read more about XSS attacks at:

                http://www.cgisecurity.com/xss-faq.html
                http://www.cert.org/advisories/CA-2000-02.html

              vosipov VitalyA
              pwatson paulwatson (Inactive)