[FE-7006] XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.4.3, 4.5.0
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

is related to

CRUC-8173 XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091

Closed

Owen made changes - 16/Oct/2018 8:15 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2943154 ]

New: JAC Bug Workflow v3 [ 2956318 ]

Owen made changes - 16/Oct/2018 4:42 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 2632174 ]

New: FE-CRUC Bug Workflow [ 2943154 ]

David Black made changes - 16/Feb/2018 4:31 AM

Labels

Original: CVE-2017-18091 advisory advisory-to-release cvss-medium security xss

New: CVE-2017-18091 advisory advisory-released cvss-medium security xss

David Black made changes - 16/Feb/2018 4:28 AM

Labels

Original: advisory advisory-to-release cvss-medium security xss

New: CVE-2017-18091 advisory advisory-to-release cvss-medium security xss

David Black made changes - 16/Feb/2018 4:26 AM

Link

New: This issue is related to ~~CRUC-8173~~ [ ~~CRUC-8173~~ ]

David Black made changes - 16/Feb/2018 4:26 AM

Link

Original: This issue was cloned as ~~CRUC-8173~~ [ ~~CRUC-8173~~ ]

David Black made changes - 16/Feb/2018 4:25 AM

Link

New: This issue was cloned as ~~FE-7007~~ [ ~~FE-7007~~ ]

David Black made changes - 16/Feb/2018 4:25 AM

Fix Version/s

New: 4.5.0 [ 71891 ]

David Black made changes - 16/Feb/2018 4:25 AM

Summary

Original: XSS in the admin backupprogress action through the filename of a backup -

New: XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091

David Black made changes - 16/Feb/2018 4:24 AM

Summary

Original: Sanitised security issue 699029c4590e77443708e550db04f7523d92b77cc76f73f08a36ed729fa68eec

New: XSS in the admin backupprogress action through the filename of a backup -

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 02/Feb/2018 12:10 AM

Updated:: 16/Feb/2018 4:31 AM

Resolved:: 02/Feb/2018 3:18 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[FE-7006] XSS in the admin backupprogress action through the filename of a backup - CVE-2017-18091

People

Dates