Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.4.9, 7.0.0-OD-02
Affects Version/s: 6.4.2
Component/s: None
Labels:

Introduced in Version:
6.04
CVSS Score:
4.3
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users.

How to reproduce:
1- go to https://jira.atlassian.com/secure/UpdateMyJiraHome.jspa?target=whscheck.%20For%20assistance%20contact%20our%20support%20department%20at%20testing@whitehatsec.com.&atl_token=ARL5-JM5F-FL1H-5Q9J|4f0e936efad6fa907c51844f07311cdefce004c1|lin
2 - click "Retry Operation"

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

screenshot-1.png
49 kB
18/Jun/2015 10:10 PM

Issue Links

relates to

JRASERVER-40793 "Content injection" issue in gadgets

Closed

Activity

People

Assignee:: Oswaldo Hernandez (Inactive)

Reporter:: pfomin@visa.com

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 18/Jun/2015 10:09 PM

Updated:: 05/Dec/2019 1:30 AM

Resolved:: 29/Jul/2015 9:22 AM