Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.10.0
Affects Version/s: 7.9.0
Component/s: Security - XSS
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

A jquery patch has been applied for Bitbucket versions >= 7.10.0.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Themis

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Aug/2022 2:53 PM

Updated:: 19/Dec/2023 9:18 PM

Resolved:: 11/Sep/2022 11:53 PM