4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
70.1%
{panel:bgColor=#e7f4fa}
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? [See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-61888].
{panel}
Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce:
Offending code in {{/src/main/webapp/includes/decorators/global-translations.jsp#18}}:
{code:java}
17 <input type=“hidden” title=“ajaxUnauthorised” value=“<ww:text name=”‘common.forms.ajax.unauthorised.alert’“/>”>
18 <input type=“hidden” title=“baseURL” value=“<%=request.getScheme() + “://” +request.getServerName() + ‘:’ + request.getServerPort() + request.getContextPath()%>”>
19 <input type=“hidden” title=“ajaxCommsError” value=“<ww:text name=”‘common.forms.ajax.commserror’“/>”>
{code}
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
70.1%