XSS in the viewDeploymentVersionCommits resource through the name of a release - CVE-2017-18040

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of a release.

[BAM-19661] XSS in the viewDeploymentVersionCommits resource through the name of a release - CVE-2017-18040

Monique Khairuliana (Inactive) made changes -
  Workflow
    Original: Bamboo Workflow 2016 v1 - Restricted [ 2594768 ]
    New: JAC Bug Workflow v3 [ 3382266 ]
  Status
    Original: Resolved [ 5 ]
    New: Closed [ 6 ]

Owen made changes -
  Symptom Severity
    Original: Major [ 14431 ]
    New: Severity 2 - Major [ 15831 ]

David Black made changes -
  Description
    Original: The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in a release name.
    New: The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

David Black made changes -
  Summary
    Original: XSS in the viewDeploymentVersionCommits resource - CVE-2017-18040
    New: XSS in the viewDeploymentVersionCommits resource through the name of a release - CVE-2017-18040

David Black made changes -
  Security
    Original: Atlassian Staff [ 10750 ]

David Black made changes -
  Labels
    Original: advisory advisory-to-release bamboo-bugfix-kanban cvss-medium security xss
    New: CVE-2017-18040 advisory advisory-released bamboo-bugfix-kanban cvss-medium security xss

David Black made changes -
  Priority
    Original: Low [ 4 ]
    New: Medium [ 3 ]

David Black made changes -
  Description
    Original: Component in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.
    New: The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in a release name.

David Black made changes -
  Summary
    Original: Sanitised security issue 55f649f744967ffac76bcee8a21c9aeacc30baa1a67f8703d976f0fb93ca9066
    New: XSS in the viewDeploymentVersionCommits resource - CVE-2017-18040

David Black made changes -
  Resolution
    New: Fixed [ 1 ]
  Status
    Original: Needs Triage [ 10030 ]
    New: Resolved [ 5 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot