admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-168xx/CVE-2017-16860.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

143 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-16860",
"sourceIdentifier": "security@atlassian.com",
"published": "2018-05-14T13:29:00.353",
"lastModified": "2024-11-21T03:17:07.093",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message."
},
{
"lang": "es",
"value": "La plantilla invalidRedirectUrl en Atlassian Application Links en versiones anteriores a la 5.2.7, desde la versi\u00f3n 5.3.0 hasta la 5.3.4 y desde la 5.4.0 hasta la 5.4.3 permite que los atacantes remotos inyecten c\u00f3digo JavaScript o HTML arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el enlace del par\u00e1metro redirectUrl en el mensaje de advertencia de redirecci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.7",
"matchCriteriaId": "E48B5EFD-618A-41A2-8CA9-B181E80230B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "5.3.4",
"matchCriteriaId": "CB5BEC1E-10C4-4483-B465-11BC0DBD8676"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndExcluding": "5.4.3",
"matchCriteriaId": "62C0EA11-1465-4133-979E-FDD8F5504043"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/104188",
"source": "security@atlassian.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://ecosystem.atlassian.net/browse/APL-1363",
"source": "security@atlassian.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/104188",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://ecosystem.atlassian.net/browse/APL-1363",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink