-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: None
-
Component/s: Artifacts
-
Severity 2 - Major
We received external report
I found that the job artifact doesn't have any protection for the file to download.If the repo contain some kinds of file like HTML files.I can create a copy pattern */.html that will copy all html files to a certain location that can be rendered by browser directly and lead to XSS.
Here is the PoC steps:
Link any repo that have html files to a build plan;
Create a job in the plan and configure an Artifacts for this job.Input */.html in the copy pattern;
Run the plan and check the Shared artifacts,it have a url that will lead to your html file.
- is related to
-
-
- Closed
-
- mentioned in
-
Page Loading...
- was cloned as
-