[FE-6890] Reflected XSS in the repository changelog resource through the start date and end date filter parameters - CVE-2017-9510 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.1
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.

Owen made changes - 16/Oct/2018 8:15 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2943699 ]

New: JAC Bug Workflow v3 [ 2956478 ]

Owen made changes - 16/Oct/2018 4:42 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 2409596 ]

New: FE-CRUC Bug Workflow [ 2943699 ]

David Black made changes - 29/Jan/2018 6:31 AM

Remote Link

Original: This issue links to "Page (Extranet)" [ 314337 ]

David Black made changes - 24/Aug/2017 11:47 AM

Labels

Original: advisory-released cvss-medium security xss

New: CVE-2017-9510 advisory-released cvss-medium security xss

David Black made changes - 24/Aug/2017 11:47 AM

Summary

Original: Reflected XSS in the repository commit changelog resource through a filter parameter.

New: Reflected XSS in the repository changelog resource through the start date and end date filter parameters - CVE-2017-9510

David Black made changes - 24/Aug/2017 5:44 AM

Priority

Original: Low [ 4 ]

New: Medium [ 3 ]

David Black made changes - 24/Aug/2017 5:44 AM

Description

Original: There is a reflected XSS in the repository commit changelog resource through a filter parameter.

New: The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.

David Black added a comment - 22/Aug/2017 3:40 AM

CVSS v3 score: 5.4 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	Low
Availability	None

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

David Black added a comment - 22/Aug/2017 3:40 AM CVSS v3 score: 5.4 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

David Black made changes - 22/Aug/2017 3:37 AM

Description

Original: There is a reflected XSS in the parameter of the commit filter.

New: There is a reflected XSS in the repository commit changelog resource through a filter parameter.

David Black made changes - 22/Aug/2017 3:37 AM

Summary

Original: Reflected XSS in the parameter of the commit filter

New: Reflected XSS in the repository commit changelog resource through a filter parameter.

Assignee:: Unassigned

Reporter:: Piotr Swiecicki

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 17/Jul/2017 9:00 AM

Updated:: 29/Jan/2018 6:31 AM

Resolved:: 17/Jul/2017 9:01 AM

Details

Description

Attachments

Forms

Activity

[FE-6890] Reflected XSS in the repository changelog resource through the start date and end date filter parameters - CVE-2017-9510

Collapse comment: David Black added a comment - 22/Aug/2017 3:40 AM

Expand comment: David Black added a comment - 22/Aug/2017 3:40 AM

People

Dates