[CRUC-8161] XSS in the source browser resource through malicious branch names - CVE-2017-18034 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.5.1, 4.6.0
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.

Affected versions

Older than 4.5.1

Fixed versions

4.5.1 and higher
4.6.0 and higher

relates to

FE-6994 XSS in the source browser resource through malicious branch names - CVE-2017-18034

Closed

Form Name

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Marek Parfianowicz

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 18/Jan/2018 10:24 AM

Updated:: 01/Feb/2018 10:38 AM

Resolved:: 18/Jan/2018 10:34 AM

Details

Description

Affected versions

Fixed versions

Attachments

Issue Links

Forms

Activity

[CRUC-8161] XSS in the source browser resource through malicious branch names - CVE-2017-18034

People

Dates