- Bug
- Resolution: Fixed
- Low
- None
- Severity 2 - Major
We received an external report:

I found that the job artifact doesn't have any protection for the file to download. If the repo contains some kinds of files like HTML files, I can create a copy pattern */.html that will copy all HTML files to a certain location that can be rendered by the browser directly and lead to XSS.

Here are the PoC steps:

1. Link any repo that has HTML files to a build plan.
2. Create a job in the plan and configure an Artifact for this job. Input */.html in the copy pattern.
3. Run the plan and check the Shared artifacts; it has a URL that will lead to your HTML file.
- is related to: BAM-20305 Chrome/Safari open artifacts in browser instead of download option (Closed)
- was cloned as: BDEV-14879