18 matches found
EUVD-2021-1946
Malware in sbrugna...
Path Traversal
atlasboard is vulnerable to path traversal. Lack of secure path handling in the function renderWidgetResource allows an attacker to read arbitrary files...
Path traversal in atlasboard
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. PoC javascript const widget = require"atlasboard/lib/webapp/routes/widget"; // Mock req and res const req = ; const res = sendFile:...
GHSA-25PR-6PR6-68V7 Path traversal in atlasboard
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. PoC javascript const widget = require"atlasboard/lib/webapp/routes/widget"; // Mock req and res const req = ; const res = sendFile:...
atlasboard-sonarqube-package (>=1.0.0 <=1.0.1) potentially affected by CVE-2021-39109 via atlasboard (=1.0.1)
atlasboard NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on atlasboard and may be impacted: - atlasboard-sonarqube-package =1.0.0, =1.0.1 Source cves: CVE-2021-39109 Source advisory: OSV:GHSA-25PR-6PR6-68V7...
CVE-2021-39109
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability...
CVE-2021-39109
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability...
Path traversal
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability...
CVE-2021-39109
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability...
CVE-2021-39109
Atlasboard (Atlasian Atlasboard) prior to version 1.1.9 is vulnerable to a path traversal in the renderWidgetResource resource, allowing remote attackers to read arbitrary files. The underlying issue is improper filtering of path elements, enabling access outside restricted directories. Affected ...
CVE-2021-39109
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability...
Atlasian Atlasboard Path Traversal Vulnerability
Atlasian Atlasboard is a dashboard framework written in nodejs. A path traversal vulnerability exists in Atlasian Atlasboard that stems from the renderWidgetResource resource in the product failing to properly filter for special elements in the path of a resource or file. An attacker could use th...
PT-2021-22375 · Atlassian · Atlasboard
Name of the Vulnerable Software and Affected Versions: Atlasian Atlasboard versions prior to 1.1.9 Description: The issue allows remote attackers to read arbitrary files via a path traversal vulnerability in the renderWidgetResource resource. Recommendations: For versions prior to 1.1.9, update t...
Cross-Site Scripting in atlasboard-atlassian-package
All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...
GHSA-25V4-MCX4-HH35 Cross-Site Scripting in atlasboard-atlassian-package
All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...
Cross-site Scripting (XSS)
atlasboard-atlassian-package is vulnerable to cross-site scripting (XSS). A user who can create or modify issues on a JIRA server (e.g. a bug tracker) can inject and execute arbitrary JavaScript in a victim's browser...
Cross-Site Scripting
Overview: All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers bei...
Node.js third-party modules: [atlasboard-atlassian-package] Cross-site Scripting (XSS)
I would like to report XSS in atlasboard-atlassian-package. It allows injecting client-side JavaScript or HTML in cases when an attacker has the opportunity to create or modify issues on a JIRA server (e.g. a bug tracker) which is configured to work with the application from the module. Module module name:...