Okta Jira Authenticator < 3.1.5 Cross-Site Scripting

medium Web App Scanning Plugin ID 113339

Synopsis

Okta Jira Authenticator < 3.1.5 Cross-Site Scripting

Description

Okta Jira Authenticator toolkit versions below 3.1.5 suffer from a reflected Cross-Site Scripting (XSS) vulnerability. By injecting a specific payload into the `os_username` GET parameter, a remote unauthenticated attacker can execute arbitrary JavaScript code in the browser of users of the vulnerable Jira instance.

Solution

Upgrade Okta Jira Authenticator to version 3.1.5 or later.

See Also

https://help.okta.com/en-us/Content/Topics/Settings/Version_Histories/Ver_History_JIRA_Authenticator_Toolkit.htm

Plugin Details

Severity: Medium

ID: 113339

Type: remote

Published: 9/6/2022

Updated: 9/6/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: Tenable

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information