Details
- Bug
- Resolution: Fixed
- Low
- None
- Severity 2 - Major
Description
We received an external report:
I found that the job artifact doesn't have any protection for the file to download. If the repo contains some kinds of file like HTML files, I can create a copy pattern */.html that will copy all HTML files to a certain location that can be rendered by the browser directly and lead to XSS.
Here are the PoC steps:
- Link any repo that has HTML files to a build plan;
- Create a job in the plan and configure an Artifact for this job. Input */.html in the copy pattern;
- Run the plan and check the Shared artifacts; it has a URL that will lead to your HTML file.
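The report describes stored XSS caused by serving user-controlled artifact files (HTML copied from the linked repository) so that the browser renders them on the Bamboo origin. The linked issue BAM-20305 points at the relevant fix direction: make the browser download artifacts instead of opening them. The following Python WSGI handler is an added illustration of that mitigation; it is not Bamboo's code and not part of the original issue. The names artifact_app, download_headers, safe_artifact_path and the sample report.html are assumptions constructed for this example.

```python
import os
import posixpath
import tempfile
from urllib.parse import quote

# Constructed sample artifact directory with one HTML file containing script,
# standing in for an artifact copied from a linked repository.
ARTIFACT_ROOT = tempfile.mkdtemp(prefix="artifacts-")
with open(os.path.join(ARTIFACT_ROOT, "report.html"), "w", encoding="utf-8") as _f:
    _f.write("<html><body><script>alert(document.cookie)</script></body></html>")


def safe_artifact_path(root, requested):
    """Resolve a request path inside root; return None for traversal or missing files."""
    rel = posixpath.normpath(requested).lstrip("/")
    real_root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(real_root, rel))
    if os.path.commonpath([full, real_root]) != real_root:
        return None
    return full if os.path.isfile(full) else None


def download_headers(filename, length):
    """Headers that make the browser save the artifact rather than render it."""
    return [
        # Generic type: never tell the browser this body is text/html.
        ("Content-Type", "application/octet-stream"),
        # attachment forces a download; the RFC 5987 form handles non-ASCII names.
        ("Content-Disposition", f"attachment; filename*=UTF-8''{quote(filename)}"),
        # nosniff stops content sniffing from upgrading octet-stream to HTML.
        ("X-Content-Type-Options", "nosniff"),
        # Defence in depth: if it is ever rendered, the sandbox gives it no origin and no script.
        ("Content-Security-Policy", "sandbox"),
        ("Content-Length", str(length)),
    ]


def artifact_app(environ, start_response):
    """WSGI application serving files below ARTIFACT_ROOT as downloads only."""
    path = safe_artifact_path(ARTIFACT_ROOT, environ.get("PATH_INFO", "/"))
    if path is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    with open(path, "rb") as f:
        body = f.read()
    start_response("200 OK", download_headers(os.path.basename(path), len(body)))
    return [body]


def call(app, path):
    """Invoke a WSGI app offline; returns (status, header dict, body bytes)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    status, headers, body = call(artifact_app, "/report.html")
    print(status, headers["Content-Disposition"], headers["X-Content-Type-Options"])
```

The important property is that the artifact's own extension never decides how it is served: every file comes back as an opaque attachment, so an HTML artifact is saved to disk rather than executed with the application's cookies. Serving artifacts from a separate, cookie-less origin is the other common mitigation and can be combined with this one.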
Issue Links
- is related to: BAM-20305 Chrome/Safari open artifacts in browser instead of download option (Closed)
- was cloned as: BDEV-14879