CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      A JIRA administrator (a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name.

            [JRASERVER-61861] CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2841680 ] New: JAC Bug Workflow v3 [ 2919443 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573493 ] New: JAC Bug Workflow v2 [ 2841680 ]
            Status Original: Closed [ 6 ] New: Resolved [ 5 ]
            Kamil Kolonko made changes -
            Fix Version/s New: 7.1.9 [ 64205 ]
            Fix Version/s Original: 7.1.9 Server [ 62034 ]
            Ignat (Inactive) made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1554274 ] New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573493 ]
            Ignat (Inactive) made changes -
            Fix Version/s New: Available in Cloud [ 77401 ]
            Fix Version/s Original: 1000.35.0 Cloud [ 62057 ]
            jonah (Inactive) made changes -
            Description Original: A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name. New: {panel:bgColor=#e7f4fa}
              *NOTE:* This bug report is for *JIRA Server*. Using *JIRA Cloud*? [See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61861].
              {panel}

            A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name.
            jonah (Inactive) made changes -
            Link New: This issue relates to JRACLOUD-61861 [ JRACLOUD-61861 ]
            Oswaldo Hernandez (Inactive) made changes -
            Component/s New: Project Administration - Users and Roles [ 11832 ]
            David Black made changes -
            Description Original: A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource. New: A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name.
            David Black made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]

              Assignee: Unassigned
              Reporter: lukasz.plonka324392336