PT-2023-25665 · Atlassian · User Management For Bitbucket+2
Carl Nykvist
·
Published
2023-06-26
·
Updated
2023-07-06
·
CVE-2023-36662
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
User Management for Jira versions 2.0.0 through 2.17.1
User Management for Confluence versions 2.0.0 through 2.15.24
User Management for Bitbucket versions 2.2.2 through 2.15.24
Description
The TechTime User Management components for Atlassian products are affected by a stored XSS issue on the Bulk User Actions page.
Recommendations
For User Management for Jira versions 2.0.0 through 2.17.1, update to a version outside of this range to resolve the issue.
For User Management for Confluence versions 2.0.0 through 2.15.24, update to a version outside of this range to resolve the issue.
For User Management for Bitbucket versions 2.2.2 through 2.15.24, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the Bulk User Actions page until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
User Management For Bitbucket
User Management For Confluence
User Management For Jira