Security Patches: 2020-11-25 to 2020-12-03


External Share for Jira is part of the Atlassian Marketplace Bug Bounty program.

A bug bounty program is one of the most effective tools you can run against a shipped product to find vulnerabilities in your applications and services. Crowdsourcing vulnerability discovery augments your own team by giving you access to a large pool of skilled security researchers.

The Atlassian Marketplace Bug Bounty Program is hosted on Bugcrowd, a SaaS platform built to crowdsource vulnerability discovery from a global pool of security researchers. Marketplace Partners who join the program allow those researchers to test their apps for security vulnerabilities; the researchers are then rewarded according to the severity of what they find. The result is a cost-efficient way for Marketplace Partners to discover and fix vulnerabilities in their apps on an ongoing basis, which means more secure apps for customers.

Marketplace apps that are currently participating in the Marketplace Bug Bounty Program are identifiable by the security badge on their Marketplace app listing. For more information on how the Marketplace Bug Bounty Program is run, please review the information on our Developer page.

We have released multiple versions of External Share for Jira Cloud, Server and Data Center between 2020-11-25 and 2020-12-03.

Fix Versions

  • External Share for Jira Cloud 1.2.0-AC

  • External Share for Jira Server 2.4.0

  • External Share for Jira Data Center 2.4.0

They contain security patches for the following issues:

External Share for Jira (Server & Data Center)

  • XSS via attachment name on external page

  • XSS in view links form via user full name

  • XSS via attached SVG

  • XSS via attached HTML

  • Reflected XSS via redirect param on password page

  • Unvalidated Redirect on password page

  • SQL Injection - GET /share (sort / sort order)

  • BAC (broken access control) | GET /mail Gain access to all shares

  • BAC | GET /share Gain access to all shares

  • BAC | PUT /share Gain access to all shares

  • BAC | Attachment (media-proxy) - access to already generated media was not revoked after share settings changed

External Share for Jira (Cloud)

  • XSS via attachment name on external page

  • XSS in view links form via user full name

  • Reflected XSS via redirect param on password page

  • Unvalidated Redirect on password page

  • SQL Injection - GET /share (sort / sort order)

  • BAC (broken access control) | GET /mail Gain access to all shares

  • BAC | GET /share Gain access to all shares

  • BAC | PUT /share Gain access to all shares

  • BAC | Attachment (media-proxy) - access to already generated media was not revoked after share settings changed
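The "SQL Injection - GET /share (sort / sort order)" item in both lists describes a class of bug worth seeing end to end: sort column and direction cannot be passed as bind parameters, so they get concatenated into the ORDER BY clause, and an attacker can then extract data they cannot read directly by watching how the rows come back sorted. The following is an added example written for this page, not code from External Share or from Old Street Solutions; the table layout, the `secret` table and the sample rows are constructed for the demo and are not the product's schema.

```python
import sqlite3

# Constructed sample data for the demo; the table and column names are
# assumptions, not the product's real schema.
SHARE_ROWS = [
    ("share-a", "Login page", "2020-11-25"),
    ("share-b", "Roadmap", "2020-11-30"),
    ("share-c", "Bug triage", "2020-12-01"),
]
DEMO_SECRET = "s3cr3t-token"


def make_db():
    """In-memory SQLite database: a share table plus a table the caller should never see."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE share (id TEXT, name TEXT, created TEXT)")
    conn.execute("CREATE TABLE secret (token TEXT)")
    conn.executemany("INSERT INTO share VALUES (?, ?, ?)", SHARE_ROWS)
    conn.execute("INSERT INTO secret VALUES (?)", (DEMO_SECRET,))
    return conn


def list_shares_vulnerable(conn, sort, order):
    """Vulnerable pattern: the sort column and direction are pasted into ORDER BY.

    Bind parameters cannot carry identifiers or keywords, so developers often
    concatenate them; that is exactly what makes a sort parameter injectable."""
    sql = f"SELECT id, name, created FROM share ORDER BY {sort} {order}"
    return conn.execute(sql).fetchall()


def extract_secret_blind(conn, length, alphabet="abcdefghijklmnopqrstuvwxyz0123456789-"):
    """Boolean-blind extraction through the sort parameter.

    The payload makes the database sort by `name` when a guess about one
    character of the secret is right and by `created` otherwise. The attacker
    reads the answer from which row comes first; no error message is needed."""
    recovered = ""
    for pos in range(1, length + 1):  # substr() in SQLite is 1-indexed
        for guess in alphabet:
            payload = (
                f"(CASE WHEN (SELECT substr(token, {pos}, 1) FROM secret) = '{guess}' "
                f"THEN name ELSE created END)"
            )
            rows = list_shares_vulnerable(conn, payload, "ASC")
            if rows[0][0] == "share-c":  # 'Bug triage' sorts first only when ordered by name
                recovered += guess
                break
        else:
            raise RuntimeError(f"no candidate matched at position {pos}")
    return recovered


# Hardened pattern: map untrusted input onto a fixed allowlist of identifiers.
ALLOWED_SORT_COLUMNS = {"id": "id", "name": "name", "created": "created"}
ALLOWED_SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def list_shares_hardened(conn, sort, order):
    """Only allowlisted column names and directions ever reach the query text."""
    try:
        column = ALLOWED_SORT_COLUMNS[sort.lower()]
        direction = ALLOWED_SORT_ORDERS[order.lower()]
    except (KeyError, AttributeError):
        raise ValueError("unsupported sort parameter") from None
    sql = f"SELECT id, name, created FROM share ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint leaks:", extract_secret_blind(db, len(DEMO_SECRET)))
    try:
        list_shares_hardened(db, "(SELECT token FROM secret)", "ASC")
    except ValueError as exc:
        print("hardened endpoint rejects payload:", exc)
```

The allowlist is the whole fix: the request value is used only as a dictionary key, and the string that reaches the query comes from the server-side table, so there is nothing left for an attacker to shape. Escaping or quoting the sort value would not help, because ORDER BY needs an identifier, not a string literal.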
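The two password-page items, reflected XSS via the redirect parameter and the unvalidated redirect, usually share one root cause: a `redirect` value taken from the query string is both echoed into the form and honoured as the post-login destination. The check below is an added example for this page, not External Share's code; the parameter name `redirect`, the hidden-field markup and the `/` fallback are assumptions. The same `html.escape` step applies to the other reflected strings in the lists, such as an attachment name or a user's full name rendered on the external page.

```python
import html
from urllib.parse import urlsplit


def is_safe_redirect(target):
    """True only for a local path inside this application.

    Rejects absolute URLs (scheme or host present), protocol-relative '//host'
    forms, the '/\\host' variant that browsers normalise to '//host', and
    characters that would allow header injection in the Location header."""
    if not isinstance(target, str) or not target.startswith("/"):
        return False
    if target.startswith("//") or target.startswith("/\\"):
        return False
    if any(ch in target for ch in "\r\n\x00"):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def password_page_vulnerable(redirect):
    """The 'before' picture: the parameter is echoed unescaped and followed unchecked.

    Returns (hidden-field markup, Location header value after a correct password)."""
    form = f'<input type="hidden" name="redirect" value="{redirect}">'
    location = redirect
    return form, location


def password_page_hardened(redirect, fallback="/"):
    """Validate the target first, then HTML-escape whatever is echoed into the form."""
    target = redirect if is_safe_redirect(redirect) else fallback
    form = f'<input type="hidden" name="redirect" value="{html.escape(target, quote=True)}">'
    return form, target


if __name__ == "__main__":
    for candidate in ("/share/abc?view=1", "https://evil.example/", "//evil.example/",
                      "/\\evil.example/", "javascript:alert(1)"):
        print(f"{candidate!r:28} safe={is_safe_redirect(candidate)}")
    print(password_page_hardened('"><script>alert(1)</script>'))
```

Validation happens before escaping, and on its own string: the Location header is never HTML-escaped (that would corrupt a legitimate `&` in the path), while the form value is always escaped regardless of whether it passed validation.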
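The broken-access-control items (the `/mail` and `/share` endpoints returning every share, and media-proxy URLs that kept working after share settings changed) and the attached SVG/HTML XSS items come down to the same two controls: every lookup is scoped to the caller, and every media URL is bound to the share's current settings so a settings change revokes it. The store and proxy below are an added example for this page and are not the product's implementation; the signing key, the share fields, the `version` counter, the URL shape and the set of inline-safe content types are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Assumption for the demo: one server-side key used to sign media-proxy URLs.
SERVER_KEY = b"constructed-demo-key-change-me"

# Assumption: only types a browser will not execute are served inline. SVG and
# HTML can carry script, so they are forced to download instead.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}


class ShareStore:
    """Shares keyed by id, each owned by one user and versioned on every settings change."""

    def __init__(self):
        self.shares = {}

    def create(self, owner, attachments_enabled=True):
        share_id = secrets.token_urlsafe(9)
        self.shares[share_id] = {"owner": owner, "attachments_enabled": attachments_enabled,
                                 "version": 1}
        return share_id

    def get_for(self, user, share_id):
        """Object-level authorization: the lookup itself is scoped to the caller."""
        share = self.shares.get(share_id)
        if share is None or share["owner"] != user:
            raise PermissionError("share not found for this user")
        return share

    def list_for(self, user):
        """The listing is filtered by owner; there is no 'all shares' path."""
        return sorted(sid for sid, s in self.shares.items() if s["owner"] == user)

    def update_settings(self, user, share_id, **changes):
        share = self.get_for(user, share_id)
        share.update(changes)
        share["version"] += 1  # invalidates every media URL issued before this change


def media_token(share_id, attachment_id, version):
    """HMAC over (share, attachment, settings version): unforgeable and version-bound."""
    msg = f"{share_id}:{attachment_id}:{version}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def media_url(store, share_id, attachment_id):
    share = store.shares[share_id]
    token = media_token(share_id, attachment_id, share["version"])
    return f"/media-proxy/{share_id}/{attachment_id}?t={token}"


def serve_media(store, share_id, attachment_id, token, content_type):
    """Returns (status, headers) for a media-proxy request.

    Denied unless the share exists, still allows attachments, and the token was
    minted for the share's current settings version."""
    share = store.shares.get(share_id)
    if share is None:
        return 404, {}
    if not isinstance(token, str) or not token.isascii():
        return 403, {}
    expected = media_token(share_id, attachment_id, share["version"])
    if not share["attachments_enabled"] or not hmac.compare_digest(token, expected):
        return 403, {}
    headers = {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}
    if content_type in INLINE_SAFE_TYPES:
        headers["Content-Disposition"] = "inline"
    else:
        safe_name = "".join(c for c in attachment_id if c.isalnum() or c in "._-") or "download"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return 200, headers


if __name__ == "__main__":
    store = ShareStore()
    sid = store.create("alice")
    url = media_url(store, sid, "diagram.svg")
    tok = url.rsplit("t=", 1)[1]
    print(serve_media(store, sid, "diagram.svg", tok, "image/svg+xml"))
    store.update_settings("alice", sid, attachments_enabled=False)
    print(serve_media(store, sid, "diagram.svg", tok, "image/svg+xml"))
```

Because the version is part of the signed message, re-enabling attachments does not resurrect URLs issued before they were disabled; a fresh URL has to be minted from the current version. `nosniff` matters even for the inline types, since otherwise a browser may second-guess the declared type and render an attachment as HTML.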


If you have any questions or would like to know more about any of the issues patched please contact us: support@oldstreetsolutions.com