Vulnerability notification: RemindMe for Jira

Summary

JavaScript code can be injected into the “RemindMe about <issue> Issue” dialog and the email client of any user

Advisory Release Date

2 November 2020 

Product

RemindMe for Jira

Affected Versions

All RemindMe for Jira versions up to and including 1.3.2

Fixed Version

1.3.3

Problem

We were able to identify two security vulnerabilities in our RemindMe for Jira app.

The first vulnerability allows any logged-in user to inject JavaScript code into the “RemindMe about <issue> Issue” dialog. This malicious code would then be executed in the viewing user's context and would allow the attacker to perform all actions in that user's scope.

The second vulnerability allows any user with permission to change the displayed name to inject JavaScript code into the email that RemindMe for Jira sends, and through it into the email client of any user who receives that email. This malicious code would then be executed in the email client of the user and would allow the attacker to perform all actions in the user's scope. Most email clients filter this kind of attack.

The vulnerability has been rated as P3 (Medium) according to the scale published in Bugcrowd’s Vulnerability Rating Taxonomy (VRT).

All versions of RemindMe for Jira up to and including version 1.3.2 are affected by this vulnerability.

Solution

If you are using an affected version of RemindMe for Jira, please immediately upgrade to version 1.3.3.

Root Cause

Because of incorrect escaping, our app would render some information from Jira as HTML. This qualifies as a cross-site scripting (XSS) vulnerability. The HTML code, which might contain JavaScript, is then executed in the context of the user viewing the content. This kind of vulnerability could be exploited for different attacks, including an escalation of privileges.
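
The following sketch illustrates the root cause for both sinks named above, the dialog title and the reminder email, with the unescaped template beside the escaped one. It is an added example, not code from RemindMe for Jira: all function names are hypothetical, the sample values are constructed, and the choice of the issue summary as the Jira field shown in the dialog is an assumption.

```javascript
"use strict";

// Escape the five characters that are significant in HTML text and
// in quoted attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before (hypothetical): Jira-supplied text is concatenated into markup
// unescaped, so any tags it contains become part of the dialog.
function dialogTitleUnescaped(issueSummary) {
  return "<h2>RemindMe about " + issueSummary + " Issue</h2>";
}

// After (hypothetical): same template, value escaped at the point of output.
function dialogTitleEscaped(issueSummary) {
  return "<h2>RemindMe about " + escapeHtml(issueSummary) + " Issue</h2>";
}

// The reminder email is a second HTML sink: the display name and the
// issue fields are escaped the same way before they reach the mail body.
function reminderEmailBody(displayName, issueKey, issueSummary) {
  return [
    "<p>Hello " + escapeHtml(displayName) + ",</p>",
    "<p>This is your reminder for " + escapeHtml(issueKey) + ": " +
      escapeHtml(issueSummary) + "</p>",
  ].join("\n");
}

// Regression check: true if the rendered output contains any tag that is
// not part of the template's own allowlist.
function containsUnexpectedTag(html, allowedTags) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !allowedTags.includes(t.replace(/^<\/?/, "").toLowerCase()));
}

// Constructed sample values containing markup.
const sampleSummary = '<img src=x onerror="alert(1)">';
const sampleName = "Alice <b>Admin</b> & Co";

console.log(dialogTitleUnescaped(sampleSummary)); // markup passes through
console.log(dialogTitleEscaped(sampleSummary));   // markup shown as text
console.log(reminderEmailBody(sampleName, "DEMO-1", sampleSummary));
```

A check like `containsUnexpectedTag` can run in unit tests over every template that renders Jira data, so an unescaped field is caught before release.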