Problem

      There was an error when rendering nested types of markup. In specially crafted cases, this could be used to create XSS vulnerabilities on pages that render wiki markup.

      Affected versions

      • older than 4.5.1

      Fixed versions

      • 4.5.1 and higher
      • 4.6.0 and higher

      For more information see https://jira.atlassian.com/browse/RNDR-153 (currently restricted to Atlassian staff).

            [CRUC-8162] XSS via wiki markup

            David Black added a comment - - edited

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 5.4 => Medium severity

            Exploitability Metrics

            Attack Vector: Network
            Attack Complexity: Low
            Privileges Required: Low
            User Interaction: Required

            Scope Metric

            Scope: Changed

            Impact Metrics

            Confidentiality: Low
            Integrity: Low
            Availability: None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N


              mparfianowicz Marek Parfianowicz