request #31586 XSS in the tooltip via an artifact title

Artifact

Infos

Artifact ID#31586

Submitted byThomas Gerbet (tgerbet)

Last Modified On2023-05-02 08:17

Submitted on2023-04-20 14:33

Rank33189

Details

Summary *

XSS in the tooltip via an artifact title

Original Submission

The title of an artifact is not properly escaped in the tooltip.

Impact

A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code.
CVSSv3.1 score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Exploitation

The issue can be demonstrated by creating an artifact with a title like <img src=a onerror=alert(1)> and then display the artifact in a tooltip (using a cross reference for example).

References

CWE 79
OWASP Cross-site Scripting
Issue has been introduced by git #tuleap/stable/b61c1f3ffad022fc7347973e5d3bc4c87f2c57dc (Tuleap 14.7.99.76)
CVE-2023-30619

CategoryTrackers

Reported in versiondevelopment

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toNicolas Terray (nterray)

StatusClosed

Close date2023-04-21

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #30365	Tuleap	Releases	14.8	Delivered	2023-04-27 16:40	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #31586

Git commit

tuleap/tuleap/stable

Fix request #31586: XSS in the tooltip via an artifact title fdc93a736c

Nicolas Terray (nterray) , 2023-04-20 18:16

Merge commit 'refs/changes/26/28426/4' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 46737b74e0

Marie Ange Garnier (marieange) , 2023-04-21 10:13

Show items referenced by request #31586

Referenced by request #31586

Artifact Tracker v5

rel #30365 14.8

Git commit

tuleap/tuleap/stable

feat: Display artifact title in tooltip master b61c1f3ffa

Nicolas Terray (nterray) , 2023-04-06 19:12

Fix request #31586: XSS in the tooltip via an artifact title fdc93a736c

Nicolas Terray (nterray) , 2023-04-20 18:16

Other

gerrit #28426

Follow-ups

Thomas Gerbet (tgerbet)

2023-05-02 08:17

Public disclosure.

Thomas Gerbet (tgerbet)

2023-04-24 10:02

CVE-2023-30619 has been assigned to this issue.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Marie Ange Garnier (marieange)

2023-04-21 10:14

gerrit #28426 integrated into Tuleap 14.7.99.143

Connected artifacts
- Added Fixed in: rel #30365

Tracker Workflow Manager (forge__tracker_workflow_manager)

2023-04-21 10:14

request fixed by @nterray with git #tuleap/stable/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df.

Status changed from Under implementation to Closed
Close date set to 2023-04-21

Nicolas Terray (nterray)

2023-04-20 14:37

Please review gerrit #28426