[JSWCLOUD-9069] ChartBoardAction.doSetCurveColor Persistent XSS

Type: Bug
Resolution: Fixed
Priority: Highest
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Cloud bug fix policy

The ChartBoardAction.doSetCurveColor method is vulnerable to persistent XSS when saving an unsanitized color parameter in user preferences. The set method isn’t protected from XSRF, allowing exploitation from remote attackers.

File: greenhopper\src\main\java\com\pyxis\greenhopper\jira\Actions\ChartBoardAction.java

ChartBoardAction.java

package com.pyxis.greenhopper.jira.actions;
import java.io.IOException;
import java.util.Set;
...
@SuppressWarnings("serial")
public class ChartBoardAction extends VersionBoardAction
{
...
    protected String color;
...    
    public String doSetCurveColor()
    {
      Set<CurveSettings> settings = getChartContext().getSettings();
      for(CurveSettings curveSetting : settings)
      {
        if(curveSetting.getId().equals(curveId))
        {
          curveSetting.setColor(color);
          break;
        }
      }
      getPreferences().setSettings(getChartContext().getSettingsId(), settings);
      getPreferences().save();
      return SUCCESS;
    }
...
    public void setColor(String color)
    {
      this.color = color;
    }

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

CurveColor XSS.PNG
66 kB
04/Jun/2013 12:57 AM

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Daniel

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 04/Jun/2013 12:57 AM

Updated:: 29/Aug/2019 12:51 AM

Resolved:: 09/Sep/2013 2:10 AM

Jira Cloud

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates