PT-2023-25665 · Atlassian · User Management For Bitbucket+2
Carl Nykvist
·
Publicado
2023-06-26
·
Atualizado
2023-07-06
·
CVE-2023-36662
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
User Management for Jira versions 2.0.0 through 2.17.1
User Management for Confluence versions 2.0.0 through 2.15.24
User Management for Bitbucket versions 2.2.2 through 2.15.24
Description
The TechTime User Management components for Atlassian products are affected by a stored XSS issue on the Bulk User Actions page.
Recommendations
For User Management for Jira versions 2.0.0 through 2.17.1, update to a version outside of this range to resolve the issue.
For User Management for Confluence versions 2.0.0 through 2.15.24, update to a version outside of this range to resolve the issue.
For User Management for Bitbucket versions 2.2.2 through 2.15.24, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the Bulk User Actions page until a patch is available.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
User Management For Bitbucket
User Management For Confluence
User Management For Jira