• Type: Bug
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 4.10.0
• Affects Version/s: 4.7.1
• Component/s: API and Integrations
• Labels:

  • CVE-2020-14166
  • advisory
  • advisory-released
  • bugbounty
  • cqt
  • cvss-medium
  • security
  • xss

[JSDSERVER-6895] XSS in API and Integrations - CVE-2020-14166

alexmin (Inactive) made changes - 01/Jul/2020 12:44 AM

Labels

Original: CVE-2020-14166 advisory advisory-to-release bugbounty cqt cvss-medium security xss

New: CVE-2020-14166 advisory advisory-released bugbounty cqt cvss-medium security xss

alexmin (Inactive) made changes - 01/Jul/2020 12:44 AM

Security

Original: Atlassian Staff [ 10750 ]

alexmin (Inactive) made changes - 18/Jun/2020 3:45 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Needs Triage [ 10030 ]	New: Closed [ 6 ]

alexmin (Inactive) made changes - 18/Jun/2020 3:45 AM

Labels

Original: advisory advisory-to-release bugbounty cqt cvss-medium security xss

New: CVE-2020-14166 advisory advisory-to-release bugbounty cqt cvss-medium security xss

alexmin (Inactive) made changes - 18/Jun/2020 3:45 AM

Summary

Original: XSS in API and Integrations - CVE-PENDING

New: XSS in API and Integrations - CVE-2020-14166

Security Metrics Bot made changes - 18/Jun/2020 3:11 AM

Due Date

New: 16/Sep/2020

Security Metrics Bot made changes - 18/Jun/2020 2:45 AM

Link

New: This issue is detailed by JSDSERVER-6803 [ JSDSERVER-6803 ]

Security Metrics Bot made changes - 18/Jun/2020 2:45 AM

Fix Version/s		New: 4.10.0 [ 91825 ]
Description	Original: Filler description.	New: Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in API and Integrations. *Affected versions:*  * version < 4.10.0 *Fixed versions:*  * 4.10.0
Labels		New: advisory advisory-to-release bugbounty cqt cvss-medium security xss

Security Metrics Bot created issue - 18/Jun/2020 2:45 AM