[CRUC-8482] XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.8.2
Affects Version/s: 4.6.0, 4.7.0, 4.8.0
Component/s: Code reviews
Labels:
- CVE-2020-4023
- advisory
- advisory-released
- bugbounty
- cvss-high
- release-48x
- security
- xss

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.

Affected versions:

version < 4.8.2

Fixed versions:

4.8.2
4.9.0

is related to

FE-7298 XSS in the review coverage resource through the committerFilter parameter- CVE-2020-4023

Closed

Marek Parfianowicz made changes - 09/Nov/2023 9:44 AM

Labels

Original: CVE-2020-4023 advisory advisory-released bugbounty cvss-high release-48x release-490 security xss

New: CVE-2020-4023 advisory advisory-released bugbounty cvss-high release-48x security xss

Marek Parfianowicz made changes - 09/Nov/2023 9:43 AM

Labels

Original: CVE-2020-4023 advisory advisory-released bugbounty cvss-high release-490 security xss

New: CVE-2020-4023 advisory advisory-released bugbounty cvss-high release-48x release-490 security xss

Marek Parfianowicz made changes - 09/May/2023 5:48 PM

Labels

Original: CVE-2020-4023 advisory advisory-released bugbounty cvss-high security xss

New: CVE-2020-4023 advisory advisory-released bugbounty cvss-high release-490 security xss

Marek Parfianowicz made changes - 16/Mar/2021 11:17 AM

Fix Version/s

Original: 4.9.0 [ 90696 ]

David Black made changes - 01/Jun/2020 6:27 AM

Labels

Original: CVE-2020-4023 advisory advisory-to-release bugbounty cvss-high security xss

New: CVE-2020-4023 advisory advisory-released bugbounty cvss-high security xss

David Black made changes - 01/Jun/2020 6:22 AM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

David Black made changes - 28/May/2020 5:27 AM

Link

New: This issue is related to ~~CRUC-8483~~ [ ~~CRUC-8483~~ ]

David Black made changes - 28/May/2020 5:27 AM

Link

Original: This issue was cloned as ~~CRUC-8483~~ [ ~~CRUC-8483~~ ]

David Black made changes - 28/May/2020 5:26 AM

Priority

Original: Low [ 4 ]

New: Medium [ 3 ]

David Black made changes - 28/May/2020 5:26 AM

Link

New: This issue was cloned as ~~CRUC-8483~~ [ ~~CRUC-8483~~ ]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 28/May/2020 5:17 AM

Updated:: 09/Nov/2023 9:44 AM

Resolved:: 28/May/2020 5:21 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates