Help resolving vulnerability in auth-refresh file

Our security team has found a potential XSS vulnerability in a file called auth-fresh.js. Has anyone ever encountered this? I believe it has something to do with gadgets but that is as far as I have been able to determine. I can't find this JavaScript file on the server. The exact text of the message (from IBM app scan) is:

DOM based cross-site scripting

It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user

Any help would be appreciated.




1 answer

0 votes

Hi Thomas,

I checked my server and did not find any references to that file either.  I would look to see if you're running a third party script/add-on that could be causing this.  The only reference I found to that was here.  That came from this project.



Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

117 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you