GreenHopper Security Advisory 2010-05-05

In this advisory:

XSS Vulnerabilities

Severity

Atlassian rates these vulnerabilities as high, according to the scale published in Severity Levels for Security Issues. The scale allows us to rank a vulnerability as critical, high, moderate or low.

Risk Assessment

We have identified and fixed several cross-site scripting (XSS) vulnerabilities in GreenHopper, which may affect JIRA instances that are running the GreenHopper plugin. These vulnerabilities are especially important for anyone running publicly accessible instances of JIRA/GreenHopper, where untrusted users can reach the affected pages.

  • An attacker could use injected script to steal other users' session cookies or other credentials by sending them to a web server the attacker controls. With a stolen session the attacker acts with that user's privileges in JIRA and, depending on those privileges, could potentially gain control over the JIRA instance and/or the underlying operating system.
  • An attacker's text and script might be displayed to other people viewing a GreenHopper page (defacement). This is potentially damaging to your company's reputation.

You can read more about XSS attacks at cgisecurity, CERT and other places on the web.

Vulnerability

All versions of GreenHopper are affected by these XSS vulnerabilities.

An attacker can inject their own JavaScript into the following GreenHopper pages:

  • 'Add Version' popup
  • /secure/Configuration.jspa
  • /secure/GetBoardForIssue.jspa
  • /secure/GHAddIssue.jspa
  • /secure/SetCCBStartDate.jspa

Risk Mitigation

We strongly recommend upgrading your GreenHopper plugin to fix these vulnerabilities. Please see the 'Fix' section below.

Fix

These issues have been fixed in:

Visibility of Project and Version names to non-logged-in users

Severity

Atlassian rates this vulnerability as moderate, according to the scale published in Severity Levels for Security Issues. The scale allows us to rank a vulnerability as critical, high, moderate or low.

Risk Assessment

We have identified and fixed a vulnerability in GreenHopper, which may affect JIRA instances that are running the GreenHopper plugin. The vulnerability allows the list of Projects and Versions to be viewed by users who are not logged in to JIRA/GreenHopper.

  • The name of a project might be visible to unauthorised users.
  • The names of versions in a project might be visible to unauthorised users.

Vulnerability

All versions of GreenHopper are affected by this visibility vulnerability.

A user who is not logged in to JIRA/GreenHopper can see project names and version names in the drop-down lists on the GreenHopper 'Planning Board', 'Task Board', 'Release Board' or 'Charts Board'.
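The following script is a post-upgrade check added here as an example; it is not part of Atlassian's advisory or of GreenHopper. It covers both issues in this advisory: it sends an inert marker tag to each of the four `.jspa` pages listed in the XSS section and classifies whether the page reflects it unescaped, escaped or not at all, and it fetches a GreenHopper board with no session to see whether known project or version names are visible anonymously. The four `.jspa` paths come from the advisory; the query parameter name, the board URL, the `login` redirect heuristic and the `gh-advisory-check` User-Agent are assumptions the caller supplies or adjusts.

```python
"""Post-upgrade verification helpers for the two GreenHopper issues in this
advisory. Standard library only. The analysis functions run offline; the two
probe_* functions make live requests and are optional."""
import html
import urllib.error
import urllib.parse
import urllib.request

# Paths named in the advisory. The 'Add Version' popup has no path listed, so it is omitted.
XSS_PAGES = (
    "/secure/Configuration.jspa",
    "/secure/GetBoardForIssue.jspa",
    "/secure/GHAddIssue.jspa",
    "/secure/SetCCBStartDate.jspa",
)

# An unknown element name: inert if a browser renders it, unambiguous if it is reflected.
MARKER = "ghxsscheck2010"
PAYLOAD = f"<{MARKER}>"


def classify_reflection(body: str) -> str:
    """Classify how a page reflected PAYLOAD.

    'unescaped'     the raw tag reached the HTML: markup injection is possible
    'escaped'       the '<' came back as '&lt;': the output is being escaped
    'not_reflected' the value does not appear at all
    """
    if PAYLOAD in body:
        return "unescaped"
    if f"&lt;{MARKER}" in body:
        return "escaped"
    return "not_reflected"


def leaked_names(body: str, known_names) -> list:
    """Known project/version names (raw or HTML-escaped) that appear in a response
    fetched without a session. `known_names` is the operator's own list."""
    leaked = []
    for name in known_names:
        if name in body or html.escape(name, quote=True) in body:
            leaked.append(name)
    return leaked


def fetch(url: str, cookie: str = None, timeout: float = 10.0):
    """GET a URL and return (final_url, body). An optional Cookie header supplies a session.
    HTTP error pages are returned like any other body; connection failures yield a comment."""
    req = urllib.request.Request(url, headers={"User-Agent": "gh-advisory-check"})  # assumed UA
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.geturl(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.geturl(), exc.read().decode("utf-8", "replace")
    except urllib.error.URLError as exc:
        return url, f"<!-- request failed: {exc.reason} -->"


def probe_xss(base_url: str, param: str, cookie: str) -> dict:
    """Send PAYLOAD to each advisory page as query parameter `param` and classify the reflection.

    `param` is an assumption: the advisory does not name the affected parameters, so pass the
    real one for each page. `cookie` should be the session of a low-privilege test account,
    because /secure/ pages require a login.
    """
    results = {}
    for path in XSS_PAGES:
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode({param: PAYLOAD})
        _, body = fetch(url, cookie)
        results[path] = classify_reflection(body)
    return results


def probe_anonymous_board(base_url: str, board_path: str, known_names) -> dict:
    """Request a GreenHopper board with no session and report what an anonymous user sees.

    `board_path` is supplied by the caller; the advisory names the boards but not their URLs.
    The login check is a heuristic: JIRA normally redirects anonymous /secure/ requests to a
    login page, so a final URL containing 'login' is treated as 'not visible anonymously'.
    """
    final_url, body = fetch(base_url.rstrip("/") + board_path)
    return {
        "redirected_to_login": "login" in final_url.lower(),
        "leaked_names": leaked_names(body, known_names),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 3:
        sys.exit("usage: gh_check.py BASE_URL BOARD_PATH [KNOWN_NAME ...]")
    print(probe_anonymous_board(sys.argv[1], sys.argv[2], sys.argv[3:]))
```

After upgrading, `probe_xss` should report `escaped` or `not_reflected` for every page, and `probe_anonymous_board` should report either a redirect to the login page or an empty `leaked_names` list. A result of `unescaped` means the page still writes the parameter into the HTML without encoding and should be treated as a live XSS finding, not merely a reflection.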

Risk Mitigation

We strongly recommend upgrading your GreenHopper plugin to fix this vulnerability. Please see the 'Fix' section below.

Fix

These issues have been fixed in:
