[CONFSERVER-13041] XSS in bookmarks plugin

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.9.2, 2.10
Affects Version/s: 2.9, 2.9.1
Component/s: None
Labels:
- XSS
- affects-server
- bookmark
- plugins
- qa-manual
- security
Environment:

using standalone 2.9.1 win 2003 prof, jdk 1.6
also tested on 2.9 deployed in tomcat 6.0.18

Bug Fix Policy:
View Atlassian Server bug fix policy

The bookmarking code under the url

http://localhost:8080/plugins/socialbookmarking/updatebookmark.action

is vulnerable to XSS attacks using the spaceKey parameter:

submitting the following code will execute javascript:

spaceKey=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%22%3E

IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the
vulnerability to publicly available security forums such as CERT (www.cert.org). Our policy is to give
you at least 30 days grace period prior to any public disclosure.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

header.vm
2 kB
19/Sep/2008 2:10 AM

Mark Hrynczak (Inactive) added a comment - 23/Sep/2008 7:40 AM

No automated tests written. Change was manually tested by Brian.

Mark Hrynczak (Inactive) added a comment - 23/Sep/2008 7:40 AM No automated tests written. Change was manually tested by Brian.

Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:10 AM - edited

Attached is the patch for Confluence 2.8.2. To apply the patch

Download the patch
Replace the file found in /confluence/decorators/includes/
Restart Confluence

Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:10 AM - edited Attached is the patch for Confluence 2.8.2. To apply the patch Download the patch Replace the file found in /confluence/decorators/includes/ Restart Confluence

Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:02 AM

This has been fixed for the upcoming 2.9.2 and 2.10 releases

Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:02 AM This has been fixed for the upcoming 2.9.2 and 2.10 releases

m@ (Inactive) added a comment - 18/Sep/2008 7:06 AM

Thomas

Thanks for the reports, I will be setting the priority to Critical as the issues get scheduled. We wont be releasing 2.9.2 until they are all addressed.

Cheers
Matt

m@ (Inactive) added a comment - 18/Sep/2008 7:06 AM Thomas Thanks for the reports, I will be setting the priority to Critical as the issues get scheduled. We wont be releasing 2.9.2 until they are all addressed. Cheers Matt

Assignee:: Brian Nguyen (Inactive)

Reporter:: Thomas Jaehnel

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 15/Sep/2008 4:14 PM

Updated:: 11/Oct/2018 8:40 AM

Resolved:: 23/Sep/2008 7:40 AM

Details

Description

Attachments

Attachments

Forms

Activity

Collapse comment: Mark Hrynczak (Inactive) added a comment - 23/Sep/2008 7:40 AM

Expand comment: Mark Hrynczak (Inactive) added a comment - 23/Sep/2008 7:40 AM

Collapse comment: Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:10 AM, Edited by Brian Nguyen - 19/Sep/2008 2:15 AM

Expand comment: Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:10 AM, Edited by Brian Nguyen - 19/Sep/2008 2:15 AM

Collapse comment: Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:02 AM

Expand comment: Brian Nguyen (Inactive) added a comment - 19/Sep/2008 2:02 AM

Collapse comment: m@ (Inactive) added a comment - 18/Sep/2008 7:06 AM

Expand comment: m@ (Inactive) added a comment - 18/Sep/2008 7:06 AM

People

Dates