Need help resolving the vulnerabilities

Hi, 

We are in middle of production setup and held up with security scans in the test environment. 

We are using Confluence 5.10.6 Commercial edition. During the dynamic scans, the Qualys tool found the following vulnerabilities.

1) 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities

a) XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser.......

Detection Information
Parameter
It has been detected by exploiting the parameter jql
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication
In order to detect this vulnerability, no authentication has been required.
Access Path
Here is the path followed by the scanner to reach the exploitable URL:

comment: A significant portion of the XSS test payload appeared in the web page, but the response content type is non-HTML.
Response content-type: application/json

Access path:    https://xx.xx.com/plugins/servlet/Wallboard/?dashboardId=10000

 

2) 150022 Syntax Error Occurred

 https://xx.xx.com/plugins/servlet/gadgets/dashboard-diagnostics

Detection Information
Request
AJAX request was used to detect this finding: https://xx.gm.com/plugins/servlet/gadgets/dashboard-diagnostics
Parameter
It has been detected by exploiting the parameter uri
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication
In order to detect this vulnerability, no authentication has been required.
Access Path
Here is the path followed by the scanner to reach the exploitable URL:

The reflected string on the response webpage indicates that the vulnerability test was successful

 

2 answers

This widget could not be displayed.

These reports are totally unclear on what the attack vectors are.  What form would an attack on the server take using them?

This widget could not be displayed.

Hi Anand,

I remember passing these vulnerabilities scans for the internal network and for a custom web-application to comply with some security standard.

For vulnerabilities concerning 3-rd party webapplication like JIRA for you, we closed the holes by adding rules to proxy apache server. Please be aware that by doing this you can break JIRA functionality that relies on URL you closed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

286 views 1 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you