Help resolving vulnerability in auth-refresh file

Thomas Douglas June 27, 2017

Our security team has found a potential XSS vulnerability in a file called auth-fresh.js. Has anyone ever encountered this? I believe it has something to do with gadgets, but that is as far as I have been able to determine. I can't find this JavaScript file on the server. The exact text of the message (from IBM AppScan) is:

DOM based cross-site scripting

It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user

Any help would be appreciated.

Thanks.

1 answer

0 votes
somethingblue
Atlassian Team
June 30, 2017

Hi Thomas,

I checked my server and did not find any references to that file either. I would look to see if you're running a third-party script/add-on that could be causing this. The only reference I found to that was here. That came from this project.

Cheers,

Branden
