
AMS-25505 - Stored XSS via [template name] at [workflow]


    Description

      What is this ticket?

      This ticket tracks the corresponding Bugcrowd submission 906edd34-6c1f-418a-a5a9-69aa71445f7f. Please make a note of the triage and remediation due dates for this ticket.
      You are not expected to update the status of the ticket. We will automatically sync the status of the Bugcrowd submission for you :smiley: Please continue to accept, reject, and close submissions directly in the Bugcrowd portal.

      What can I do with this ticket?

      :one: Ensure that you are actioning on the submission within the Triage Due Date & Remediation Due Date. Learn more about our Bug Fix Policy here.
      :two: Request an SLA extension if you need more time. Learn more about SLA management here.
      :three: Engage with our Atlassian Security team by simply commenting on the ticket.
      :four: Use our partner dashboard to monitor all your SLAs in one place and analyze trends.

      Ticket updates:

      If you are interested in receiving notifications on all ticket updates, please add yourself to the watchers list.

      Requesting an SLA extension:
      If you need to request an extension to fix the vulnerability, transition this ticket to the EXTENSION REQUESTED status.

      SLA violation notifications:
      You will be notified through email and this ticket as the SLA Due dates approach.

      If you would like to de-list/retire your marketplace app, please create a request here. After you have created the request, please comment with a link to the ticket. Lastly, transition this ticket to the ATLASSIAN INPUT REQUESTED status.

      Need any other help? Please comment on this ticket or you can create a ticket here.

      Bugcrowd Submission Info:

      Stored Cross-Site Scripting (Privileged User to Privilege Elevation)

        Business Impact

      After installing the [Xporter - Export issues from Jira](https://marketplace.atlassian.com/apps/891368/xporter-export-issues-from-jira?hosting=cloud&tab=overview) add-on, users can create `global templates` and can add this template with `Xporter Multi-Action` in a `WorkFlow post-function`. After testing `Xporter Multi-Action`, I found that it can act as a vector for stored XSS attacks.

      ____________

        Steps to Reproduce

      1. Admin installs the [Xporter - Export issues from Jira](https://marketplace.atlassian.com/apps/891368/xporter-export-issues-from-jira?hosting=cloud&tab=overview) add-on.
      2. Admin adds a new UserB.
      3. UserB navigates to Apps > Manage Apps > under Xporter go to Template > then create a new template, and in the template name inject the XSS payload.
      ![image-2023-09-29T15:27:54.303Z.png](https://bugcrowd.com/xpandit/submissions/906edd34-6c1f-418a-a5a9-69aa71445f7f/attachments/7f3770b0-902d-42c8-86fd-17c8a53027fd "image-2023-09-29T15:27:54.303Z.png")
      4. Now UserB or Admin navigates to Issues > Workflow > edit any workflow > then enter any `Transitions` > then Post Functions > click Add Post Functions > from the list select `Xporter Multi-Action` > then at Template select the template containing the XSS payload, and publish the post function and workflow.
      ![image-2023-09-29T15:45:32.531Z.png](https://bugcrowd.com/xpandit/submissions/906edd34-6c1f-418a-a5a9-69aa71445f7f/attachments/89608c83-76bf-46e1-9bca-56820f1bf82b "image-2023-09-29T15:45:32.531Z.png")
      5. Now if a sys admin navigates to Issues > Workflow > Post Functions, observe the JavaScript payload being executed.

      ![image-2023-09-29T14:34:04.415Z.png](https://bugcrowd.com/xpandit/submissions/906edd34-6c1f-418a-a5a9-69aa71445f7f/attachments/285c8e96-75b8-49e7-ad60-1793a95c6687 "image-2023-09-29T14:34:04.415Z.png")
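As an added illustration of the rendering defect the steps above describe (example code, not Xporter's own; the function names, the `<li>` wrapper and the sample template name are assumptions), the vulnerable string interpolation sits beside its escaped form, with a small audit check over stored template names:

```javascript
// Added example (not Xporter's code): the report above boils down to a stored
// template name being written into the workflow post-function page as raw HTML.
// The vulnerable string-building pattern is shown beside the hardened one, plus an
// audit helper for stored names. All names and values here are constructed.

// Constructed sample: a template name saved by a low-privileged user.
const STORED_TEMPLATE_NAME = 'Monthly Report<script>alert(1)</script>';

// Escape the characters that are significant in an HTML text or attribute context.
// '&' is handled first so already-encoded entities are not double-encoded later.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the stored name is interpolated into markup unchanged, so any tag
// inside it is parsed by the admin's browser when the post-function list renders.
function renderTemplateLabelVulnerable(templateName) {
  return `Xporter Multi-Action: template "${templateName}"`;
}

// Hardened: identical output for benign names, but markup characters are encoded.
// (In real DOM code the equivalent is assigning the name via textContent, never innerHTML.)
function renderTemplateLabelHardened(templateName) {
  return `Xporter Multi-Action: template "${escapeHtml(templateName)}"`;
}

// Wrapper that places the label into the page; the only tag it should ever
// contribute is its own <li>.
function renderPostFunctionRow(label) {
  return `<li class="post-function">${label}</li>`;
}

// Check: does a rendered row contain any tag other than the wrapper's own <li>?
function rowLeaksTags(row) {
  const inner = row.replace(/^<li class="post-function">/, '').replace(/<\/li>$/, '');
  return /<\s*\/?\s*[a-z]/i.test(inner);
}

// Audit helper for defenders: list stored template names that carry markup
// characters and therefore deserve review wherever they are rendered.
function flagMarkupInNames(names) {
  return names.filter((name) => /[<>]/.test(name));
}
```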

      ____________

        Proof of Concept (PoC)

      [poc](https://bugcrowd.com/xpandit/submissions/906edd34-6c1f-418a-a5a9-69aa71445f7f/attachments/47581f71-eab3-468a-8cb8-115f9e33e21a)

       

      Attachments

        1. 2023-09-29_2018-39-41.mp4 (51.55 MB, Bernardo Cottim)
        2. AMS-25505.doc (90 kB, Nikhil Diwan)
        3. image (1).png (169 kB, Bernardo Cottim)
        4. image (2).png (49 kB, Bernardo Cottim)
        5. image (3).png (113 kB, Bernardo Cottim)

            People

              nikhil.diwan Nikhil Diwan