Help resolving vulnerability in auth-refresh file

Our security team has found a potential XSS vulnerability in a file called auth-fresh.js. Has anyone ever encountered this? I believe it has something to do with gadgets but that is as far as I have been able to determine. I can't find this JavaScript file on the server. The exact text of the message (from IBM app scan) is:

DOM based cross-site scripting

It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user

Any help would be appreciated.

Thanks.

 

 

1 answer

0 votes

Hi Thomas,

I checked my server and did not find any references to that file either.  I would look to see if you're running a third party script/add-on that could be causing this.  The only reference I found to that was here.  That came from this project.

Cheers,

Branden

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 16, 2018 in Jira

Looking for anyone who made the switch to Data Center

The Jira Marketing team is putting together an ebook on migrating to Data Center. We're looking for pro tips on how you staffed your project team and organized your Proof of Concept. Share yo...

1,416 views 17 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you