Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.10.0
Affects Version/s: 7.9.0
Component/s: Security - XSS
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

A jquery patch has been applied for Bitbucket versions >= 7.10.0.

relates to

BSERV-13679 Update Jquery used on Bitbucket

Closed

mentioned in: Page Loading...

Assignee:: Unassigned

Reporter:: Themis

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 24/Aug/2022 2:53 PM

Updated:: 01/Jul/2024 5:54 AM

Resolved:: 11/Sep/2022 11:53 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates