Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.5.5, 8.8.2, 8.10.0, 8.9.1
Affects Version/s: 8.8.0
Component/s: Issue - Attachments
Labels:
- CVE-2020-4025
- advisory
- advisory-released
- bugbounty
- cvss-medium
- security
- sxss
- xss

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.08
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.

Affected versions:

version < 8.5.5
8.6.0 ≤ version < 8.8.2
8.9.0 ≤ version < 8.9.1

Fixed versions:

8.5.5
8.8.2
8.9.1
8.10.0

mentioned in: Page Loading...; Page Loading...

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 29/May/2020 5:19 AM

Updated:: 08/Mar/2021 3:40 PM

Resolved:: 29/May/2020 5:45 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates