-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.7.1
-
8.07
-
Severity 3 - Minor
-
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
Affected versions:
- version < 8.5.5
- 8.6.0 ≤ version < 8.8.2
- 8.9.0 ≤ version < 8.9.1
Fixed versions:
- 8.5.5
- 8.8.2
- 8.9.1
- 8.10.0
[JRASERVER-71113] XSS in Issue - Attachments - CVE-2020-4024
| Remote Link | New: This issue links to "Page (Confluence)" [ 508998 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 500450 ] |
| Labels | Original: CVE-2020-4024 advisory advisory-to-release bugbounty cvss-high security xss | New: CVE-2020-4024 advisory advisory-released bugbounty cvss-high security xss |
| Security | Original: Atlassian Staff [ 10750 ] |
| Description |
Original:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments .
*Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |
New:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
*Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |
| Fixed in Enterprise Release/s | New: [Download 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html] |
| Due Date | New: 27/Aug/2020 |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |
| Description |
Original:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the issue attachments view.
*Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |
New:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments .
*Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |
| Description |
Original:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Issue - Attachments. *Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |
New:
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the issue attachments view.
*Affected versions:* * version < 8.5.5 * 8.6.0 ≤ version < 8.8.2 * 8.9.0 ≤ version < 8.9.1 *Fixed versions:* * 8.5.5 * 8.8.2 * 8.9.1 * 8.10.0 |