Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.4.0, 5.4.1, 5.5.0, 5.5.1, 5.4.2, 5.6.0, 5.4.3, 5.5.2, 5.6.1, 5.7.0, 5.4.4, 5.7.1, 5.4.5, 5.4.6, 5.7.2, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.7.3, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.4.16, 5.4.17, 5.4.18, 5.4.19, 5.4.20, 5.4.21, 5.4.22, 5.12.9
Affects Version/s: 5.8.0, 5.8.1, 5.9.0, 5.8.2, 5.9.1, 5.10.0, 5.9.2, 5.11.0, 5.10.1, 5.10.2, 5.12.0, 5.11.1, 5.9.3, 5.8.3, 5.13.0, 5.10.3, 5.11.2, 5.11.3, 5.12.1, 5.11.4, 5.12.2, 5.13.1, 5.12.3, 5.12.4, 5.13.2, 5.12.6, 5.12.5, 5.12.7, 5.12.8
Component/s: None
Labels:
None

CVSS Score:
6.5
CVSS Severity:
Medium
CVE ID:
CVE-2021-20085
Vulnerability Source:
Customer Report
Vulnerability Classes:

XSS (Cross Site Scripting)
Internal Priority:
Medium

Jira Service Management uses the backbone-query-parameters library, which is vulnerable to Prototype Pollution. An attacker can define arbitrary fields in Object.prototype and change the logic of JS scripts, which as a result can lead to XSS.

Vulnerability	Prototype Pollution (CVE-2021-20085)
Affected versions	5.8.0 to 5.13.1 (this includes LTS 5.12.x versions)
Safe versions	5.4.x LTS and 15.14.0+ versions are not affected.
Target fix versions	5.12.9

mentioned in: Page Loading...

Assignee:: Unassigned

Reporter:: Yann

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 10/May/2024 12:41 AM

Updated:: 26/Jun/2024 3:55 PM

Resolved:: 06/Jun/2024 3:47 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Backbone Issue Sync