Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.8.0
Affects Version/s: None
Component/s: AppLinks
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of the Application Links plugin used in Bamboo before version 6.8.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.

is related to

CWD-5362 XSS in the listApplicationLinks resource of the Application links plugin - CVE-2018-20239

Closed

APL-1373 Loading...

is caused by: APL-1370 Loading...

relates to: BBSDEV-19392 Loading...; SECURITY-1179 Loading...

Assignee:: Alexey Chystoprudov

Reporter:: Alexey Chystoprudov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Due:: 21/Mar/2019

Created:: 23/Jan/2019 10:59 PM

Updated:: 16/Jun/2023 12:16 AM

Resolved:: 28/Jan/2019 9:26 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates