Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

The ChartBoardAction.doSetCurveColor method is vulnerable to persistent XSS when saving an unsanitized color parameter in user preferences. The set method isn’t protected from XSRF, allowing exploitation from remote attackers.

File: greenhopper\src\main\java\com\pyxis\greenhopper\jira\Actions\ChartBoardAction.java

ChartBoardAction.java

package com.pyxis.greenhopper.jira.actions;
import java.io.IOException;
import java.util.Set;
...
@SuppressWarnings("serial")
public class ChartBoardAction extends VersionBoardAction
{
...
    protected String color;
...    
    public String doSetCurveColor()
    {
      Set<CurveSettings> settings = getChartContext().getSettings();
      for(CurveSettings curveSetting : settings)
      {
        if(curveSetting.getId().equals(curveId))
        {
          curveSetting.setColor(color);
          break;
        }
      }
      getPreferences().setSettings(getChartContext().getSettingsId(), settings);
      getPreferences().save();
      return SUCCESS;
    }
...
    public void setColor(String color)
    {
      this.color = color;
    }

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

CurveColor XSS.PNG
66 kB
04/Jun/2013 12:57 AM

Activity

People

Assignee:: Unassigned

Reporter:: Daniel

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/Jun/2013 12:57 AM

Updated:: 29/Aug/2019 12:51 AM

Resolved:: 09/Sep/2013 2:10 AM