Jimi Wikman

Atlassian JIRA < 7.7.1 Cross-Site Scripting (XSS) Vulnerability (JRASERVER-67108)


Quote

Synopsis

The remote web server hosts a web application that is potentially affected by a cross-site scripting vulnerability.

Description

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 7.7.1. It is, therefore, potentially affected by a cross-site scripting vulnerability in nested wiki markup.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Jira version 7.7.1 or later.

See Also

https://jira.atlassian.com/browse/JRASERVER-67108

A new report from https://www.tenable.com/plugins/nessus/132673

 

