Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.2.4, 5.2.5
Affects Version/s: None
Component/s: Integrations - Jira
Labels:

CVSS Score:
6.5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

Xss exploit found when using the existing Confluence Jira Macro.

Occurs when adding this url to the Macro's dialog and selecting the 'refresh' icon on the dialog also appears when saving and viewing the page after the page has been saved with the exploit. (see screenshot)

http://kshekhar-pc:8080/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?jqlQuery=&tempMax=1000

To replicate:

Setup Jira Instance with attach dataset
On Confluence Instance setup an applinks with the Jira instance that has the dataset
Copy the JQL url by going into the search issues and listing all issues in the 'XSS' project and select 'Export' -> 'XML'
In Confluence Create a new Jira Issue Macro via the editor shortcut '{jira'
Paste the above url
Should get exploit upon selecting the refresh button on the dialog and also when saving the page

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

demo.xml
2 kB
02/Jul/2013 5:04 AM
insert-page-1.png
67 kB
15/Aug/2013 10:14 AM
JIRA5.1_QAData.zip
435 kB
17/Jun/2013 7:17 AM
jiraissuemacro-xss.png
98 kB
17/Jun/2013 4:40 AM
page-home.png
51 kB
15/Aug/2013 10:13 AM

Issue Links

relates to

CONFCLOUD-29653 XSS vulnerability in Jira Macro *Existing*

Closed

mentioned in: Wiki Page Loading...

Activity

People

Assignee:: Hai Nguyen (Inactive)

Reporter:: Glenn Martin

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 17/Jun/2013 4:40 AM

Updated:: 11/Oct/2018 8:37 AM

Resolved:: 26/Aug/2013 2:45 AM