| Include Page | ||||
|---|---|---|---|---|
|
Security Patches from 2020-11-25 to 2020-12-03
External Share for Jira is part of the Atlassian Marketplace Bug Bounty program.
...
We have released multiple versions between 2020-11-25 and 2020-12-03 of External Share for Cloud and Server (latest .
Fix Versions
External Share for Jira Cloud 1.2.0-AC
External Share for Jira Server 2.4.0
...
External Share for Jira Data Center 2.4.0
They contain security patches for the following topics:
External Share for Jira (Server)
XSS via attachment name on external page
XSS in view links form via user full name
XSS via attached SVG
XSS via attached HTML
Reflected XSS via redirect param on password page
Invalidated Redirect on password page
SQL Injection - GET /share (sort / sort order)
BAC | GET /mail Gain access to all shares
BAC | GET /share Gain access to all shares
BAC | PUT /share Gain access to all shares
BAC | Attachment (media-proxy) - access to already generated media was not revoked after share settings changed
External Share for Jira (Cloud)
XSS via attachment name on external page
XSS in view links form via user full name
Reflected XSS via redirect param on password page
Invalidated Redirect on password page
SQL Injection - GET /share (sort / sort order)
BAC | GET /mail Gain access to all shares
BAC | GET /share Gain access to all shares
BAC | PUT /share Gain access to all shares
BAC | Attachment (media-proxy) - access to already generated media was not revoked after share settings changed
...