Need help resolving the vulnerabilities

Hi, 

We are in the middle of a production setup and are held up by security scans in the test environment.

We are using Confluence 5.10.6 Commercial edition. During the dynamic scans, the Qualys tool found the following vulnerabilities.

1) 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities

a) XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser...

Detection Information
Parameter
It has been detected by exploiting the parameter jql
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication
In order to detect this vulnerability, no authentication has been required.
Access Path
Here is the path followed by the scanner to reach the exploitable URL:

comment: A significant portion of the XSS test payload appeared in the web page, but the response content type is non-HTML.
Response content-type: application/json

Access path:    https://xx.xx.com/plugins/servlet/Wallboard/?dashboardId=10000


2) 150022 Syntax Error Occurred

 https://xx.xx.com/plugins/servlet/gadgets/dashboard-diagnostics

Detection Information
Request
AJAX request was used to detect this finding: https://xx.gm.com/plugins/servlet/gadgets/dashboard-diagnostics
Parameter
It has been detected by exploiting the parameter uri
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication
In order to detect this vulnerability, no authentication has been required.
Access Path
Here is the path followed by the scanner to reach the exploitable URL:

The reflected string on the response webpage indicates that the vulnerability test was successful
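
The scanner's own remark on finding 1 (the payload came back, but the Content-Type is application/json) is the thing to settle before anyone changes the proxy: a browser only executes reflected markup in a response it renders as a document, so a JSON body is inert unless a browser content-sniffs it or a client-side script later drops the field into the DOM. The helper below is an added example, not code from this thread, from Qualys or from Atlassian; it encodes that check and also flags leaked back-end error text, the pattern behind a "Syntax Error Occurred" style finding. PAYLOAD, ERROR_MARKERS and every response in SAMPLES are assumptions constructed to resemble the two findings, not captured traffic from the instance above.

```python
"""Triage for reflected-payload scanner findings (added example, see lead-in).

Decides whether a reflected probe lands in a body the browser renders as HTML
(real reflected XSS) or in a non-HTML body such as the application/json
response in finding 1, and flags leaked back-end error text as in finding 2.
All sample responses are constructed, not captured traffic.
"""
import re

# Assumed marker payload; the scanner's own probes differ but the check is the same.
PAYLOAD = "<script>alert(1)</script>"

# Media types a browser renders as markup, i.e. where reflected script executes.
HTML_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}

# Back-end error text leaking into a response (assumed markers, not Qualys's list).
ERROR_MARKERS = re.compile(r"Exception|\bat [a-z]+(\.[\w$]+)+\(|syntax error", re.IGNORECASE)


def _header(headers, name):
    """Case-insensitive header lookup; '' when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def triage(payload, headers, body):
    """Classify one flagged response; verdict is reflected-xss, json-reflection,
    other-reflection or not-reflected, and actions lists what to do next."""
    content_type = _header(headers, "Content-Type").split(";")[0].strip().lower()
    nosniff = _header(headers, "X-Content-Type-Options").lower() == "nosniff"
    reflected = payload in body
    # A serializer doing its job emits \u003c (JSON) or &lt; (HTML) for '<'.
    encoded = not reflected and (
        payload.replace("<", "\\u003c").replace(">", "\\u003e") in body
        or payload.replace("<", "&lt;").replace(">", "&gt;") in body
    )
    error_leak = ERROR_MARKERS.search(body) is not None

    if reflected and content_type in HTML_TYPES:
        verdict = "reflected-xss"
    elif reflected and content_type == "application/json":
        verdict = "json-reflection"
    elif reflected:
        verdict = "other-reflection"
    else:
        verdict = "not-reflected"

    actions = []
    if verdict == "reflected-xss":
        actions.append("confirm in a browser, then fix by output encoding or vendor patch")
    elif verdict == "json-reflection":
        # Not exploitable by itself: the browser never parses JSON as a document.
        actions.append("find the script that consumes this JSON field; innerHTML or "
                       "jQuery .html() on it would make this DOM XSS")
        if not nosniff:
            actions.append("set X-Content-Type-Options: nosniff so no browser "
                           "content-sniffs the JSON as HTML")
    if error_leak:
        actions.append("back-end error text leaked; check whether the input reaches "
                       "a parser or query builder and tune the error page")

    return {"content_type": content_type, "reflected": reflected, "encoded": encoded,
            "nosniff": nosniff, "error_leak": error_leak, "verdict": verdict,
            "actions": actions}


JSON_BODY = '{"jql":"' + PAYLOAD + '","issues":[]}'
SAMPLES = {  # constructed responses keyed by what they illustrate
    # finding 1 as reported: payload echoed inside a JSON body
    "jql-json": ({"Content-Type": "application/json;charset=UTF-8"}, JSON_BODY),
    # the same response once the proxy adds nosniff
    "jql-json-nosniff": ({"Content-Type": "application/json;charset=UTF-8",
                          "X-Content-Type-Options": "nosniff"}, JSON_BODY),
    # a serializer that encodes '<' and '>': nothing reflected verbatim
    "jql-json-encoded": ({"Content-Type": "application/json"},
                         '{"jql":"\\u003cscript\\u003ealert(1)\\u003c/script\\u003e"}'),
    # what a genuine reflected XSS looks like
    "html-page": ({"Content-Type": "text/html; charset=UTF-8"},
                  "<html><body>No results for " + PAYLOAD + "</body></html>"),
    # finding 2's pattern: the uri parameter trips a server-side parser error
    "diagnostics-error": ({"Content-Type": "text/html"},
                          "<pre>java.net.URISyntaxException: Illegal character in path "
                          "at index 0: &lt;script&gt;alert(1)&lt;/script&gt;</pre>"),
}


def run_samples():
    """Verdict per sample; triage() itself also returns the recommended actions."""
    return {name: triage(PAYLOAD, headers, body)["verdict"]
            for name, (headers, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name in SAMPLES:
        result = triage(PAYLOAD, *SAMPLES[name])
        print(name, result["verdict"], *result["actions"], sep="\n  ")
```

Against the real instance, replay the scanner's request (the payloads section of the report has the exact probe) and feed the response headers and body into triage(). A json-reflection verdict with no client-side sink that renders the field unescaped is normally documented as a false positive, with the nosniff header added as hardening; the error finding is an information-disclosure and input-handling question rather than an XSS one, which is why the two should not be "fixed" with the same rule.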


2 answers

0 votes

These reports are totally unclear on what the attack vectors are.  What form would an attack on the server take using them?

0 votes
Volodymyr Krupach Community Champion Nov 22, 2016

Hi Anand,

I remember passing these vulnerability scans for the internal network and for a custom web application to comply with some security standard.

For vulnerabilities concerning a third-party web application like JIRA (in your case), we closed the holes by adding rules to the Apache proxy server. Please be aware that by doing this you can break JIRA functionality that relies on the URLs you closed.
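
The proxy approach described in the answer above, written out as an added example (this is not the answerer's configuration and not Atlassian documentation): Apache httpd 2.4 reverse-proxy rules for the two endpoints named in the scan output. The backend address 127.0.0.1:8080, the loaded module set and the hostname taken from the report are assumptions. Option A is the blunt block the answer warns about; Option B keeps the servlets usable and only refuses requests whose flagged parameter carries a tag character, which is enough to satisfy the scanner but is a compensating control, not a fix: the durable fix is the vendor's patched release.

```apache
# Added example: Apache httpd 2.4 in front of the Atlassian instance.
# Assumes mod_proxy, mod_proxy_http, mod_rewrite and mod_headers are loaded
# and that the application listens on http://127.0.0.1:8080 (an assumption).

<VirtualHost *:443>
    ServerName xx.xx.com
    # SSLEngine and certificate directives as already configured ...

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Finding 1 came back as application/json. A browser will not render that
    # as HTML, but only if it is told not to sniff the body for markup.
    Header always set X-Content-Type-Options "nosniff"

    # Option A (blunt): deny the two flagged servlets entirely. This "closes the
    # hole" for the scanner and, as the answer says, also breaks the wallboard
    # and the gadget diagnostics page for everyone behind this proxy.
    # (?i) makes the match case-insensitive so /plugins/servlet/wallboard is
    # caught as well as /plugins/servlet/Wallboard.
    <LocationMatch "(?i)^/plugins/servlet/(Wallboard|gadgets/dashboard-diagnostics)">
        Require all denied
    </LocationMatch>

    # Option B (narrower): keep the servlets reachable but refuse requests whose
    # jql or uri query parameter contains '<' or '>', raw or URL-encoded.
    # Applies to every path under /plugins/servlet/. It only stops probes that
    # use those two characters, so treat it as scanner appeasement, not a fix.
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (^|&)(jql|uri)=[^&]*(<|>|%3C|%3E) [NC]
    RewriteRule ^/plugins/servlet/ - [F,L]
</VirtualHost>
```

Pick one option rather than stacking both, run `apachectl configtest` before reloading, and then exercise the wallboard and the dashboard from a browser to see which functionality the rule took with it; re-run the scan afterwards so the finding is closed by evidence rather than by assumption.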
