
XSS in the signupUser resource through the value of the csrf token cookie - CVE-2017-18081

      The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

            [BAM-19665] XSS in the signupUser resource through the value of the csrf token cookie - CVE-2017-18081

            Monique Khairuliana (Inactive) made changes -
              Workflow
                Original: Bamboo Workflow 2016 v1 - Restricted [ 2594779 ]
                New: JAC Bug Workflow v3 [ 3384801 ]
              Status
                Original: Resolved [ 5 ]
                New: Closed [ 6 ]
            Owen made changes -
              Symptom Severity
                Original: Minor [ 14432 ]
                New: Severity 3 - Minor [ 15832 ]
            David Black made changes -
              Labels
                Original: CVE-2017-18081 advisory advisory-to-release bamboo-bugfix-kanban cvss-medium security xss
                New: CVE-2017-18081 advisory advisory-released bamboo-bugfix-kanban cvss-medium security xss
            David Black made changes -
              Labels
                Original: advisory advisory-to-release bamboo-bugfix-kanban cvss-medium security xss
                New: CVE-2017-18081 advisory advisory-to-release bamboo-bugfix-kanban cvss-medium security xss
            David Black made changes -
              Security
                Original: Atlassian Staff [ 10750 ]
            David Black made changes -
              Summary
                Original: XSS in the signupUser resource through the csrf token cookie value - CVE-2017-18081
                New: XSS in the signupUser resource through the value of the csrf token cookie - CVE-2017-18081
            David Black made changes -
              Description
                Original: The signup resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.
                New: The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
            David Black made changes -
              Description
                Original: Component in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.
                New: The signup resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.
            David Black made changes -
              Summary
                Original: XSS in the
                New: XSS in the signupUser resource through the csrf token cookie value - CVE-2017-18081
            David Black made changes -
              Summary
                Original: Sanitised security issue cdb3be82c553d499e5b595bb2d05e8636bf7c7eef3d49714aa143dc86573c0d7
                New: XSS in the

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot