The ConfigurationAction.doSetCardColor method is vulnerable to persistent (stored) XSS: the cardColor request parameter is saved without any validation or sanitisation, and the stored value is later rendered by several velocity templates, which is where the injected markup is triggered:

• All-layouts.vm
• Card-layout.vm
• Issue-create.vm
• Issue-gadget-cardview.vm
• Issue-print.vm
• Issue.vm
• List-compact-layout.vm
• List-layout.vm
• Main.vm
• Ranking-page.vm
• Summary-layout.vm
• Task-options.vm

File: greenhopper\src\main\java\com\pyxis\greenhopper\jira\Actions\ConfigurationAction.java

ConfigurationAction.java
package com.pyxis.greenhopper.jira.actions;
import java.util.ArrayList;
import java.util.Arrays;
...
@SuppressWarnings("serial")
public abstract class ConfigurationAction extends BoardAction
{
...
    // Bound directly from the cardColor request parameter; never validated.
    private String cardColor;
...
    @RequiresXsrfCheck
    public String doSetCardColor()
    {
      if(getCanEditConfig())
      {
        // Sink: the raw cardColor value is persisted here and later emitted
        // by the velocity templates listed above.
        getConfiguration().setCardColor(typeId, cardColor);
        getConfiguration().save();
      }
      return doSuccess();
    }
...
    // Parameter setter: the request value is stored as-is, with no
    // allowlist check or encoding.
    public void setCardColor(String cardColor)
    {
      this.cardColor = cardColor;
    }
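As an added example (not GreenHopper's own code), a Python model of the flow above beside a hardened version: the vulnerable setter persists whatever the cardColor parameter carried, while the fixed one accepts only a strict allowlist of colour values, and the render step falls back to a default for any already-stored value that fails the same check. The named-colour set, DEFAULT_COLOR and all function names are assumptions made for this example.

```python
import html
import re

# Allowlist for what a card colour may look like: a CSS hex colour (#RGB or
# #RRGGBB) or one of a short set of named colours. The named set is a
# constructed assumption for this example, not GreenHopper's own list.
HEX_COLOR_RE = re.compile(r"^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$")
NAMED_COLORS = frozenset(
    {"red", "green", "blue", "yellow", "orange", "purple", "gray", "white", "black"}
)
DEFAULT_COLOR = "#ffffff"  # assumed fallback used when a stored value is invalid


def is_valid_card_color(value: str) -> bool:
    """True only for values that are unambiguously a colour token."""
    return bool(HEX_COLOR_RE.match(value)) or value.lower() in NAMED_COLORS


def set_card_color_unsafe(store: dict, type_id: str, card_color: str) -> None:
    """Models the vulnerable doSetCardColor: the raw parameter is persisted."""
    store[type_id] = card_color


def set_card_color(store: dict, type_id: str, card_color: str) -> bool:
    """Hardened flow: persist only values that pass the allowlist.

    Returns True if the value was accepted and stored, False if rejected.
    """
    if not is_valid_card_color(card_color):
        return False
    store[type_id] = card_color
    return True


def render_card_style(card_color: str) -> str:
    """Emit the colour into a style attribute the way a card template would.

    Values stored before the fix may already be bad, so the render side
    re-checks the allowlist and substitutes DEFAULT_COLOR. The attribute
    encoding is defence in depth only: inside a style attribute it does not
    neutralise CSS-level injection, so the allowlist is the real control.
    """
    color = card_color if is_valid_card_color(card_color) else DEFAULT_COLOR
    return 'style="background-color: {}"'.format(html.escape(color, quote=True))
```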

            [JSWSERVER-9068] ConfigurationAction.doSetCardColor Persistent XSS

            Security Metrics Bot made changes -
            Labels Original: fixme security security_codereview New: cvss-high fixme security security_codereview
