[ONE-24289] Stored XSS vulnerability via markers - BigPicture Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Done
Affects Version/s: prod/bigpicture/jiracloud/2020/05/21/14_45, prod/biggantt/jiracloud/2020/05/21/14_45, prod/bigpicture/jiraserver/2020/06/23/7.11.15, prod/biggantt/jiraserver/2020/06/23/4.9.15
Fix Version/s: prod/bigpicture/jiraserver/2020/06/30/7.11.16, prod/biggantt/jiraserver/2020/06/30/4.9.16, prod/bigpicture/jiracloud/2020/07/01/14_10, prod/biggantt/jiracloud/2020/07/01/14_10, prod/bigpicture/jiracloud/2020/07/31/14_30, prod/biggantt/jiracloud/2020/07/31/14_30
Component/s: None
Labels:
- Blitz
- preprodBP8

Team:
[Inactive] Just Gantt
Product:

BigPicture, BigGantt
Host platform:

JIRA server, JIRA cloud
Customer Rank:
5
Total Customer Rank:
1
Follow-up Needed:

No
Hide Fields:

$i18n.getText("admin.common.words.hide")

$i18n.getText("admin.common.words.show")
var cfToHide1 = document.getElementById("rowForcustomfield_18501"); if(cfToHide1){cfToHide1.style.display="none";} var cfToHide2 = document.getElementById("rowForcustomfield_18502"); if(cfToHide2){cfToHide2.style.display="none";} var cfToHide3 = document.getElementById("rowForcustomfield_19700"); if(cfToHide3){cfToHide3.style.display="none";} var cfToHide4 = document.getElementById("rowForcustomfield_18400"); if(cfToHide4){cfToHide4.style.display="none";}

Sprint:
Sprint 2020/14

Time in "OPEN":

6 days, 19 hours, 10 minutes, 47 seconds

Open

Unassigned

2020-06-17 14:31 - 2020-06-18 09:09 (18 hours, 38 minutes, 29 seconds)

2020-06-22 10:32 - 2020-06-25 14:14 (3 days, 3 hours, 42 minutes, 6 seconds)

Total (3 days, 22 hours, 20 minutes, 35 seconds)

Michał Szpak

2020-06-18 09:09 - 2020-06-18 09:54 (44 minutes, 52 seconds)

2020-06-25 14:14 - 2020-06-26 09:42 (19 hours, 27 minutes, 20 seconds)

Total (20 hours, 12 minutes, 12 seconds)

Łukasz Pawełczak

2020-06-18 09:54 - 2020-06-22 10:32 (2 days, 37 minutes, 59 seconds)

Total (2 days, 37 minutes, 59 seconds)

Time "In Progress":

2 hours, 13 minutes, 58 seconds

Time "In Review":

40 minutes, 47 seconds

Time "In QA Review":

34 minutes

Time "In Test Scenario Review":

3 minutes, 2 seconds

Time "Waiting for Merge":

1 minute, 48 seconds

Time "Waiting for Release":

2 days, 2 hours, 48 minutes, 40 seconds

Hide Fields Statistics:

$i18n.getText("admin.common.words.hide")

$i18n.getText("admin.common.words.show")
var cfToHide1 = document.getElementById("rowForcustomfield_21302"); if(cfToHide1){cfToHide1.style.display="none";} var cfToHide2 = document.getElementById("rowForcustomfield_19201"); if(cfToHide2){cfToHide2.style.display="none";} var cfToHide3 = document.getElementById("rowForcustomfield_19300"); if(cfToHide3){cfToHide3.style.display="none";} var cfToHide4 = document.getElementById("rowForcustomfield_19301"); if(cfToHide4){cfToHide4.style.display="none";} var cfToHide5 = document.getElementById("rowForcustomfield_19302"); if(cfToHide5){cfToHide5.style.display="none";} var cfToHide6 = document.getElementById("rowForcustomfield_19303"); if(cfToHide6){cfToHide6.style.display="none";} var cfToHide7 = document.getElementById("rowForcustomfield_19204"); if(cfToHide7){cfToHide7.style.display="none";} var cfToHide8 = document.getElementById("rowForcustomfield_19205"); if(cfToHide8){cfToHide8.style.display="none";}

Description

https://tracker.bugcrowd.com/softwareplant-blitz/submissions/c47850fe-8662-4102-bf68-ba5e899ed80f

CVSS v3 >= 4.0 Medium

Accepted on 17.06.2020

Due date: 12.08.2020

Steps to reproduce:

Create a Gantt marker with stored XSS script as the name (example: <img src=x onerror=alert(/marker/)>
Refresh the page

Result:

The script is executed automatically.

Expected result:

The script should not be executable

Attachments

Activity

People

Assignee:: Michał Szpak

Reporter:: Marcin Koziński

SoftwarePlant People involved:: Tomasz Jaśkiewicz , Łukasz Kozłowski , Jenkins , Karolina Dajos-Krawczyńska , Pawel Guz , Ilya Rybakou , Gerrit , Jerzy Sekula , Mateusz Kielbowicz , Łukasz Pawełczak , Michał Szpak , Marcin Koziński

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020-06-17 14:31

Updated:: 2022-01-13 08:32

Resolved:: 2020-06-26 13:15