[JRASERVER-67076] XSS in the Trello board importer resource - CVE-2017-18097 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 7.6.1, 7.7.0
Affects Version/s: 7.5.0
Component/s: Jira Importers Plugin
Labels:
- CVE-2017-18097
- advisory
- advisory-released
- bugbounty
- cvss-high
- security
- sxss
- xss

Fixed in Long Term Support Release/s:

Download 7.6
Introduced in Version:
7.05
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Trello board importer resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

set-jac-bot made changes - 22/May/2020 8:27 AM

Fixed in Enterprise Release/s

New: [Download 7.6|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Bugfix Automation Bot made changes - 28/Mar/2019 12:24 AM

Minimum Version

New: 7.05

Owen made changes - 15/Jan/2019 5:45 AM

Component/s		New: Jira Importers Plugin [ 44190 ]
Component/s	Original: Backup & Restore - Import from Trello [ 44293 ]

Owen made changes - 16/Oct/2018 12:38 AM

Workflow	Original: JAC Bug Workflow v2 [ 2830053 ]	New: JAC Bug Workflow v3 [ 2911692 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 25/Sep/2018 4:17 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Owen made changes - 25/Sep/2018 12:26 AM

Workflow	Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2653628 ]	New: JAC Bug Workflow v2 [ 2830053 ]
Status	Original: Closed [ 6 ]	New: Resolved [ 5 ]

David Black made changes - 05/Apr/2018 4:22 AM

Description

Original: The Trello board importer resource in Atlassian Jira Server before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

New: The Trello board importer resource in Atlassian Jira before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

David Black made changes - 05/Apr/2018 4:19 AM

Labels

Original: CVE-2017-18097 advisory advisory-to-release bugbounty cvss-high security sxss xss

New: CVE-2017-18097 advisory advisory-released bugbounty cvss-high security sxss xss

David Black made changes - 05/Apr/2018 4:18 AM

Security

Original: Atlassian Staff [ 10750 ]

David Black made changes - 05/Apr/2018 4:17 AM

Description

Original: The Trello board importer resource in Atlassian Jira Server before version 7.6.1 Server and before version 7.7.0 Server allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

New: The Trello board importer resource in Atlassian Jira Server before version 7.6.1 and before version 7.7.0 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 05/Apr/2018 4:08 AM

Updated:: 18/Mar/2022 5:14 AM

Resolved:: 05/Apr/2018 4:10 AM

Jira Data Center

Details

Description

Attachments

Forms

Activity

[JRASERVER-67076] XSS in the Trello board importer resource - CVE-2017-18097

People

Dates