[BAM-19661] XSS in the viewDeploymentVersionCommits resource through the name of a release - CVE-2017-18040 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.2.0
Component/s: None
Labels:

Last commented by user?:
true
Comments:
1
Symptom Severity:
Major

Description

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

SecurityB

Participants:

SecurityB

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Due:

30/Mar/2018

Created:

02/Feb/2018 12:11 AM

Updated:

02/Feb/2018 3:58 AM

Resolved:

02/Feb/2018 3:12 AM

Last commented:

36 weeks, 6 days ago