CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
29.2%
An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability.
Atlassian Jira 7.6.4 Atlassian Jira 7.7.0 Atlassian Jira 8.1.0
<https://www.atlassian.com/software/jira>
7.4 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-79 - Improper Neutralization of Input During Web Page Generation (βCross-site Scriptingβ)
Parsing of comments or worklogs that use the wikirenderer are susceptible to malformed input which will result in a persistent XSS. The renderer markup format supports setting attributes for embedded images, with an attr=val
format. The renderer also supports parsing URLs to create links in the rendered output. However, the renderer also creates URLs for image attributes that have a value starting with http:.
Combining these two behaviors allows for creating malformed HTML output. This can be leveraged to execute arbitrary JavaScript.
To demonstrate the issue on versions 7.6.4-7.7.0, create an issue comment with the following content:
!https://cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_badge_2up.png|width=http://onmouseover=alert(42);//!
The same issue can be demonstrated on version 8.1.0, using the following content:
!image.png|width=\" onmouseover=alert(42);//!
2019-05-14 - Vendor disclosure
2019-09-09 - Vendor patched
2019-09-12 - Public release
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
29.2%