CVE-2019-3402

Name of the Vulnerable Software and Affected Versions Jira versions prior to 7.13.3 Jira versions 8.0.0 through 8.1.0

Description The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. This occurs in the ConfigurePortalPages.jspa resource.

Recommendations For Jira versions prior to 7.13.3, update to version 7.13.3 or later. For Jira versions 8.0.0 through 8.1.0, update to version 8.1.1 or later. As a temporary workaround, consider restricting access to the ConfigurePortalPages.jspa resource until a patch is available. Avoid using the searchOwnerUserName parameter in the affected resource until the issue is resolved.