Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in API and Integrations.

      Affected versions:

      • version < 4.10.0

      Fixed versions:

      • 4.10.0

            [JSDSERVER-6895] XSS in API and Integrations - CVE-2020-14166

            Does Atlassian Jira Service Desk Appliance version number and Atlassian Jira Service Desk Server version number match up, or, are separate version numbers specific to each the Appliance version and Server version?

            Just need to know as I can not get Atlassian Jira Service Desk Server version, while Atlassian Service Desk Application version number is displayed.

            Peter Sharar added a comment - Does Atlassian Jira Service Desk Appliance version number and Atlassian Jira Service Desk Server version number match up, or, are separate version numbers specific to each the Appliance version and Server version? Just need to know as I can not get Atlassian Jira Service Desk Server version, while Atlassian Service Desk Application version number is displayed.

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 4.8 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required High
            User Interaction Required

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality Low
            Integrity Low
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 4.8 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: