We have identified and fixed several reflected and persisted cross-site scripting (XSS) vulnerabilities that affect GreenHopper instances, including publicly available instances (that is, Internet-facing servers). XSS vulnerabilities allow an attacker to embed their own JavaScript into a GreenHopper page.

      More details are available in the advisory at https://confluence.atlassian.com/display/GH/GreenHopper+Security+Advisory+2012-08-21

            [JSWSERVER-5642] Cross Site Scripting Vulnerabilities

            Larry Peery added a comment - Same story, we are on 4.4.5/GreenHopper 5.8.7. When will a fix be available?

            Akira Higuchi added a comment - What about GreenHopper 5.7? We are using JIRA 4.3. We cannot upgrade JIRA to version 5.0 or later right now. Could you give us patches to fix the vulnerability in GreenHopper 5.7?

            xiujiazhi added a comment -

            Now we use GreenHopper 5.8.7 with JIRA 4.4.5, and we know that the vulnerability has been fixed in GreenHopper 5.9.8 and later; however, we cannot upgrade JIRA to version 5.0 or later right now, and this security vulnerability is serious, so can you give us patches to fix the vulnerability in GreenHopper 5.8.7?

            Dale Miller added a comment - What about 5.8.7? That is the last 4.4.5 version of GreenHopper. As Jira 4.4.5 is not end of life until 2014, I would expect a fixed version of the GreenHopper plugin for that version of Jira.

            Shaun Clowes (Inactive) added a comment - All versions post 5.9.8 have been fixed, including the 6.x versions

            Mike added a comment -

            What is the status of the 6.x versions of the GH plugin? The advisory states "[t]hese vulnerabilities affect all supported versions of GreenHopper", but the fixed version is a 5.x version.

            Dale Miller added a comment - Will there be a fix for the version compatible with Jira 4.4.5?

              vosipov VitalyA