[XPORTER-3157] RCE vulnerability at Multi-action Workflow Post Function - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Release 5.5.0
Fix Version/s: 6.3.4
Component/s: Scheduled Reports, Security
Labels:
- security_vulnerability_critical

Requirement Status:
OK
- 1

Description

A Jira Project Manager can exploit Xporter Multi-action Workflow Post Function by Server-Side Injection - Remote Code Execution. An attacker could create a template with malicious code and change the output file extension before creating the Post Function.

Attachments

Issue Links

clones

XPORTER-2959 RCE vulnerability at Scheduled Report

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Rui Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Feb/20 10:18 AM

Updated:: 16/Apr/24 2:15 PM

Resolved:: 28/Apr/20 3:40 PM

Time Tracking

Estimated:

Remaining:

Logged: