The ChartBoardAction.doSetCurveColor method is vulnerable to persistent XSS: it stores the unvalidated "color" request parameter in user preferences, from which it is later rendered. The action method is also not protected against XSRF, so a remote attacker can plant the payload by getting a logged-in user to submit a forged request.

      File: greenhopper\src\main\java\com\pyxis\greenhopper\jira\Actions\ChartBoardAction.java

      ChartBoardAction.java
      package com.pyxis.greenhopper.jira.actions;
      import java.io.IOException;
      import java.util.Set;
      ...
      @SuppressWarnings("serial")
      public class ChartBoardAction extends VersionBoardAction
      {
      ...
          // Bound directly from the "color" request parameter; never validated.
          protected String color;
      ...
          // No XSRF token check on this state-changing action, so a forged
          // cross-site request can set the colour on the victim's behalf.
          public String doSetCurveColor()
          {
            Set<CurveSettings> settings = getChartContext().getSettings();
            for(CurveSettings curveSetting : settings)
            {
              if(curveSetting.getId().equals(curveId))
              {
                // The attacker-controlled string is stored as-is ...
                curveSetting.setColor(color);
                break;
              }
            }
            // ... and persisted to user preferences, where it is later rendered
            // (persistent XSS).
            getPreferences().setSettings(getChartContext().getSettingsId(), settings);
            getPreferences().save();
            return SUCCESS;
          }
      ...
          // Webwork parameter setter: whatever arrives in ?color=... lands in the field.
          public void setColor(String color)
          {
            this.color = color;
          }
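The two checks the handler above lacks, shown as an added, self-contained example rather than GreenHopper's own code: an allow-list on the colour value (a CSS colour is written into a style/attribute context where output escaping alone does not help, so only `#rgb`/`#rrggbb` is accepted and the value is canonicalised before it is stored) and a constant-time XSRF token comparison before any state change. The preferences store is modelled as a plain Map and the token/parameter names are hypothetical; in a real JIRA action the token check would normally be done by the platform's `@RequiresXsrfCheck` annotation instead of by hand.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Added example (not project code): hardened equivalent of doSetCurveColor.
 * Preferences are a Map<curveId, colour>; the XSRF token is passed in explicitly.
 */
public class CurveColorHardening {

    // Allow-list: "#rgb" or "#rrggbb". Named colours, rgb(), url() and anything
    // carrying quotes, brackets or whitespace are rejected outright.
    private static final Pattern HEX_COLOR =
            Pattern.compile("^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$");

    /** True only for a well-formed hex colour literal. */
    static boolean isSafeColor(String color) {
        return color != null && HEX_COLOR.matcher(color).matches();
    }

    /** Normalise to lowercase #rrggbb so the stored value has exactly one shape. */
    static String canonicalColor(String color) {
        String hex = color.substring(1).toLowerCase(Locale.ROOT);
        if (hex.length() == 3) {
            StringBuilder sb = new StringBuilder(6);
            for (char c : hex.toCharArray()) {
                sb.append(c).append(c);
            }
            hex = sb.toString();
        }
        return "#" + hex;
    }

    /** Constant-time comparison of the session token with the submitted one. */
    static boolean tokenMatches(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Hardened handler: reject forged requests first, then reject any colour that
     * is not a hex literal, and only then persist the canonical value.
     */
    static String doSetCurveColor(String sessionToken, String submittedToken,
                                  String curveId, String color,
                                  Map<String, String> prefs) {
        if (!tokenMatches(sessionToken, submittedToken)) {
            return "ERROR";   // XSRF: token missing or wrong, nothing is changed
        }
        if (!isSafeColor(color)) {
            return "INPUT";   // validation failure, nothing is stored
        }
        prefs.put(curveId, canonicalColor(color));
        return "SUCCESS";
    }

    public static void main(String[] args) {
        Map<String, String> prefs = new HashMap<>();
        String sessionToken = "example-session-token";   // constructed sample value

        // Constructed sample inputs: a legitimate request, an injection attempt,
        // and a request with a forged token.
        String[][] requests = {
            { sessionToken, "curve-1", "#0F0" },
            { sessionToken, "curve-1", "#fff\" onmouseover=\"alert(1)" },
            { "forged",     "curve-1", "#00ff00" },
        };
        for (String[] r : requests) {
            String result = doSetCurveColor(sessionToken, r[0], r[1], r[2], prefs);
            System.out.println(r[2] + " -> " + result);
        }
        System.out.println("stored preferences: " + prefs);
    }
}
```

Run as `java CurveColorHardening.java`: the first request succeeds and the preference is stored as `#00ff00`, the second is refused by the allow-list before anything is written, and the third is refused by the token check before the colour is even looked at. Keeping the validation on the write path means the stored preference can never contain markup, regardless of how the template that renders it is written; the rendering side should still escape for its context.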

            [JSWCLOUD-9069] ChartBoardAction.doSetCurveColor Persistent XSS

            Status: Closed (previously Resolved)
            Labels: cvss-high fixme security security_codereview
            Remote link: Page (Extranet) [ 53548 ]
