Details
-
Bug
-
Resolution: Fixed
-
Low
-
7.9.0
-
Severity 3 - Minor
-
Description
Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.
A jquery patch has been applied for Bitbucket versions >= 7.10.0.
Attachments
Issue Links
- mentioned in
-
Page Loading...