QID 150513

Date Published: 2022-05-11

QID 150513: Atlassian Jira Server Cross Site Scripting (XSS) Vulnerability (JRASERVER-72396)

Jira is a proprietary issue tracking product, product developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

The installed version of CardLayoutConfigTable component in Jira Server and Jira Data Center allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.

Affected version:
before version 8.5.15
from version 8.6.0 before version 8.13.7
from version 8.14.0 before 8.17.0

QID Detection Logic:(Unauthenticated):
It checks for vulnerable version of Atlassian Jira Server.

Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.

  • CVSS V3 rated as High - 6.1 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Upgrade the Atlassian Jira to new version.
    Vendor References

    CVEs related to QID 150513

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-72396 URL Logo jira.atlassian.com/browse/JRASERVER-72396