The proof of concept (PoC) code is as follows:

    function doit() {
        // Placeholder for the URL of the GitLab EE instance
        var target = '<URL of GitLab EE>';
        alert('You clicked on "' + target + '"!');
    }

When viewing an issue in Jira, an attacker can exploit this vulnerability by clicking on the "doit()" JavaScript code link to execute arbitrary code in GitLab.

Stored Cross-Site Scripting (XSS) vulnerabilities occur when user input is not validated or sanitized before being sent to the server. An attacker can exploit stored XSS vulnerabilities in the Jira integration in GitLab EE by sending an HTTP request with malicious script code that would be executed in the context of the user who views the issue in Jira. The attacker must trick the victim into visiting a malicious website or into clicking on a link sent by the attacker.

The PoC code for XSS is as follows:

    <script>alert('You clicked on ' + target + '!');</script>

When viewing an issue in Jira, an attacker can exploit this vulnerability by sending a request with malicious script code to GitLab, which is then executed in the context of the user who views the issue in Jira. To exploit this vulnerability, the attacker must trick the victim into visiting a malicious website or be able to trick the victim into clicking on a link sent by the

What is Jira?

Jira is a widely used collaboration platform for product development. Jira is also widely used for project management and as an enterprise ticketing system. It can be accessed from different tools, like GitLab, Microsoft Visual Studio Team Services, and Atlassian Stash.

Description of Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting (Stored XSS) vulnerabilities occur when user input is not validated or sanitized before being sent to the server. This happens when a website stores data in a database and displays it back to the user without properly filtering out malicious code.

The PoC code for Stored XSS exploits is as follows:

    <script>alert('You clicked on ' + target + '!');</script>

When viewing an issue in Jira, an attacker can exploit this vulnerability by sending a request with malicious script code to GitLab, which is then executed in the context of the user who views the issue in Jira. An attacker must trick the victim into visiting a malicious website or into clicking on a link sent by the attacker.
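
The missing filtering step described above, shown as an added example that is not GitLab's or Jira's code: a renderer that concatenates stored issue fields into markup next to one that encodes them and restricts link schemes. The function names, the issue object, and its sample values are assumptions constructed for illustration.

```javascript
// Added example: names and sample data are assumptions, not GitLab or Jira code.

// Constructed sample: issue fields as they might come back from storage.
const storedIssue = {
  title: "<script>alert('You clicked on ' + target + '!');</script>",
  link: "javascript:doit()",
};

// Encode the characters that let text break out of HTML element or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only absolute http(s) links; anything else (javascript:, data:,
// relative or unparsable input) is replaced with "#".
function safeHref(raw) {
  try {
    const url = new URL(String(raw).trim());
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#";
  }
}

// Vulnerable: stored values are concatenated into markup unchanged.
function renderIssueUnsafe(issue) {
  return '<a href="' + issue.link + '">' + issue.title + "</a>";
}

// Hardened: scheme check on the link, output encoding on every stored value.
function renderIssueSafe(issue) {
  return '<a href="' + escapeHtml(safeHref(issue.link)) + '">' + escapeHtml(issue.title) + "</a>";
}
```

Encoding at render time protects every view of the stored value, including data that was saved before any input validation existed.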

Timeline

Published on: 06/06/2022 17:15:00 UTC
Last modified on: 06/13/2022 18:33:00 UTC

References