Fix Jira LTS versions to avoid CVE-2020-11022 and CVE-2020-11023

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: Upgrade
    • None
    • 1
    • 1

      On April 2020 two security issues got public: CVE-2020-11022 and CVE-2020-11023.

      Both current Jira LTS versions (8.5 and 8.13) use a version of jQuery that is vulnerable to these security issues, allowing an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

              Assignee:
              Unassigned
              Reporter:
              Emerson Silva
              Votes:
              9 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: