Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-8260

XSS in Bamboo User Management

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3, 2.3.1, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7, 2.7.1, 2.7.2, 2.7.3
    • Fix Version/s: 2.7.4, 3.0
    • Component/s: None
    • Labels:

      Description

      We have identified and fixed a cross-site scripting (XSS) vulnerability in Bamboo's User Management pages. This affects Bamboo versions 1.0 to 2.7.3.

      • An attacker might take advantage of an XSS vulnerability to steal the current session of a logged-in user.
      • XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Bamboo page. An attacker's text and script might be displayed to other people viewing the page.

      This issue is reported in our security advisory on this page:
      https://confluence.atlassian.com/x/rAP5FQ

      We recommend you to upgrade your Bamboo installation.

      You can read more about XSS attacks at cgisecurity, CERT and other places on the web:

        Attachments

          Activity

            People

            Assignee:
            vosipov Vitaly Osipov [Atlassian]
            Reporter:
            alui Andrew Lui
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Last commented:
              8 years, 24 weeks ago