[JRASERVER-70856] XSS via project configuration - CVE-2019-20416 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.3.0
Affects Version/s: 8.0.2, 7.13.3
Component/s: Project Administration - Others
Labels:

Introduced in Version:
7.13
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature.

Affected versions:

version < 8.3.0

Fixed versions:

8.3.0

David Black made changes - 01/Jul/2020 12:40 AM

Labels

Original: CVE-2019-20416 advisory advisory-to-release bugbounty cvss-medium security xss

New: CVE-2019-20416 advisory advisory-released bugbounty cvss-medium security xss

AB made changes - 30/Jun/2020 3:00 AM

Summary

Original: XSS via project configuration

New: XSS via project configuration - CVE-2019-20416

AB made changes - 30/Jun/2020 3:00 AM

Labels

Original: advisory advisory-to-release bugbounty cve-in-progress cvss-medium security xss

New: CVE-2019-20416 advisory advisory-to-release bugbounty cvss-medium security xss

AB made changes - 30/Jun/2020 2:53 AM

Labels

Original: advisory advisory-to-release bugbounty cvss-medium security xss

New: advisory advisory-to-release bugbounty cve-in-progress cvss-medium security xss

Bugfix Automation Bot made changes - 02/Apr/2020 2:30 AM

Introduced in Version

New: 7.13

AB made changes - 02/Apr/2020 1:56 AM

Security

Original: Atlassian Staff [ 10750 ]

AB made changes - 02/Apr/2020 1:56 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Needs Triage [ 10030 ]	New: Closed [ 6 ]

AB made changes - 02/Apr/2020 1:55 AM

Summary

Original: Sanitised security issue 54882d8c8734ecb0208d47bc81a0fb3446c690b9d66cf31eeea75ca5ca522093

New: XSS via project configuration

AB made changes - 02/Apr/2020 1:55 AM

Description

Original: Component in Atlassian Jira Server and Data Center from version 7.13.3 before version 8.3.0 and from version 8.0.2 before version 8.3.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.

New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature.

*Affected versions:*
* version < 8.3.0

*Fixed versions:*
* 8.3.0

Security Metrics Bot made changes - 02/Apr/2020 1:51 AM

Link

New: This issue is detailed by JRASERVER-69182 [ JRASERVER-69182 ]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 02/Apr/2020 1:51 AM

Updated:: 01/Jul/2020 12:40 AM

Resolved:: 02/Apr/2020 1:56 AM

Details

Description

Attachments

Forms

Activity

[JRASERVER-70856] XSS via project configuration - CVE-2019-20416

People

Dates