Details
-
Bug
-
Resolution: Fixed
-
Highest
-
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3, 2.3.1, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7, 2.7.1, 2.7.2, 2.7.3
-
None
Description
We have identified and fixed a cross-site scripting (XSS) vulnerability in Bamboo's User Management pages. This affects Bamboo versions 1.0 to 2.7.3.
- An attacker might take advantage of an XSS vulnerability to steal the current session of a logged-in user.
- XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Bamboo page. An attacker's text and script might be displayed to other people viewing the page.
This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/rAP5FQ
We recommend you to upgrade your Bamboo installation.
You can read more about XSS attacks at cgisecurity, CERT and other places on the web: