Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.5.5, 8.8.2, 8.10.0, 8.9.1
Affects Version/s: 8.7.1
Component/s: Issue - Attachments
Labels:
- CVE-2020-4022
- advisory
- advisory-released
- bugbounty
- cvss-medium
- security
- sxss
- xss

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.07
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Issue attachments.

Affected versions:

version < 8.5.5
8.6.0 ≤ version < 8.8.2
8.9.0 ≤ version < 8.9.1

Fixed versions:

8.5.5
8.8.2
8.9.1
8.10.0

mentioned in: Page Loading...; Page Loading...

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 28/May/2020 5:13 AM

Updated:: 08/Mar/2021 3:44 PM

Resolved:: 31/May/2020 11:45 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates