[BAM-19666] XSS in the plan configure branches resource through the name of a branch - CVE-2017-18082 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.2.3
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: SecurityB

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Due:: 30/Mar/2018

Created:: 02/Feb/2018 12:12 AM

Updated:: 19/Aug/2019 2:05 AM

Resolved:: 02/Feb/2018 3:35 AM