Add an Engagement's branch_tag in Jira Epic's description #13270
Conversation
🔴 Risk threshold exceeded. This pull request modifies dojo/jira_link/helper.py and includes sensitive-path edits and a potential stored XSS: user-controlled fields (engagement.name and engagement.branch_tag) are directly concatenated into a Jira issue description and sent without explicit sanitization, which could allow stored cross-site scripting in Jira. The scanner flags the file for sensitive edits (configurable via .dryrunsecurity.yaml) and warns about the XSS risk.

🔴 Configured Codepaths Edit in

| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
Stored XSS in Jira Description in dojo/jira_link/helper.py

| Vulnerability | Stored XSS in Jira Description |
|---|---|
| Description | The engagement.name and engagement.branch_tag fields, which are likely user-controlled, are directly concatenated to form the description field of a Jira issue. This description is then sent to the Jira API without explicit sanitization or encoding in the application code. If Jira's rendering engine for issue descriptions does not adequately sanitize or escape malicious input (e.g., HTML or specific Jira markup that can execute client-side scripts), an attacker could inject and store malicious scripts. These scripts would then execute in the browsers of other users viewing the affected Jira issue, leading to Stored Cross-Site Scripting (XSS). |

django-DefectDojo/dojo/jira_link/helper.py, lines 1412 to 1415 in 0ef0eb2:

```python
description += "\nBranch: " + branch_tag
jira_issue_update_kwargs = {
    "summary": epic_name,
```
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
🔴 Risk threshold exceeded. This pull request modifies dojo/jira_link/helper.py and contains sensitive edits to that file, and it also introduces or leaves unchanged code that concatenates user-controlled engagement.name and engagement.branch_tag into Jira issue descriptions without sanitization, creating a stored XSS risk when those descriptions are rendered in Jira.

🔴 Configured Codepaths Edit in

| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |

🔴 Configured Codepaths Edit in dojo/jira_link/helper.py

| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
Stored XSS in Jira Description in dojo/jira_link/helper.py

| Vulnerability | Stored XSS in Jira Description |
|---|---|
| Description | The engagement.name and engagement.branch_tag fields, which are assumed to be user-controlled, are directly concatenated to form the description field of a Jira issue. This description is then sent to the Jira API via the jira-python library without explicit sanitization or encoding in the application code. Research into Jira vulnerabilities confirms that Jira's rendering engine for issue descriptions has been susceptible to XSS if malicious input (e.g., HTML or specific Jira markup that can execute client-side scripts) is not adequately sanitized or escaped. Without application-level sanitization or explicit sanitization by the jira-python library, an attacker could inject and store malicious scripts in these fields. These scripts would then execute in the browsers of other users viewing the affected Jira issue, leading to Stored Cross-Site Scripting (XSS). |

django-DefectDojo/dojo/jira_link/helper.py, lines 1410 to 1413 in 7bc1835:

```python
description += "\nBranch: " + branch_tag
jira_issue_update_kwargs = {
    "summary": epic_name,
    "description": description,
```
Stored XSS in Jira Description in dojo/jira_link/helper.py

| Vulnerability | Stored XSS in Jira Description |
|---|---|
| Description | The engagement.name and engagement.branch_tag fields, which are likely user-controlled, are directly concatenated to form the description field of a Jira issue. This description is then sent to the Jira API without explicit sanitization or encoding in the application code. Research indicates that Jira's rendering engines (Wiki Markup/Markdown) have been vulnerable to XSS, and the jira-python library does not perform input sanitization. This allows an attacker to inject and store malicious scripts that execute in the browsers of other users viewing the affected Jira issue. |

django-DefectDojo/dojo/jira_link/helper.py, lines 1451 to 1454 in 7bc1835:

```python
description += "\nBranch: " + branch_tag
issue_dict = {
    "project": {
        "key": jira_project.project_key,
```
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
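Both scanner findings above point at the same pattern: `engagement.name` and `branch_tag` are joined into the Epic description by plain string concatenation, in the update path and in the create path. The example below is an added illustration of how a shared helper can neutralise those fields before they reach Jira; it is not DefectDojo's code, not the scanner's suggested patch, and not part of the PR. The function names, the description prefix, the maximum length and the set of escaped characters are assumptions: the escape set covers the Jira wiki-markup characters that open macros, links and images (`{code}`, `[text|url]`, `!image!`), using the backslash escape Jira documents for rendering markup literally, and it should be checked against the renderer the target Jira instance actually uses.

```python
import re

# Added example (not DefectDojo code). Assumption: the Jira instance renders
# descriptions as Jira wiki markup, where a leading backslash makes a markup
# character render literally. Adjust this set for your renderer.
JIRA_MARKUP_CHARS = frozenset("{}[]!*_|^~")

# ASCII control characters other than tab and newline never belong in a name.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def escape_jira_text(value, max_len=255, single_line=True):
    """Return *value* as text that can be embedded in a Jira wiki-markup field.

    - control characters are dropped
    - newlines are collapsed when the value belongs on one line, so a crafted
      branch name cannot append its own "Key: value" lines to the description
    - backslash and markup characters are escaped, so macros such as {code},
      [link|url] or !image! are shown literally instead of being rendered
    - the result is truncated to a bounded length
    """
    text = _CONTROL_CHARS.sub("", str(value))
    if single_line:
        text = " ".join(text.splitlines())
    # Escape the escape character first so later backslashes stay literal.
    text = text.replace("\\", "\\\\")
    escaped = "".join("\\" + ch if ch in JIRA_MARKUP_CHARS else ch for ch in text)
    return escaped[:max_len]


def build_epic_description(engagement_name, branch_tag=None):
    """Assemble the Epic description from the two user-supplied fields.

    Assumed prefix; the real description layout is not shown on the PR page.
    Used unchanged by both the create and the update path, so the same
    escaping applies wherever the description is built.
    """
    description = "Epic for Engagement: " + escape_jira_text(engagement_name)
    if branch_tag:
        description += "\nBranch: " + escape_jira_text(branch_tag)
    return description


if __name__ == "__main__":
    # Constructed inputs: a macro in the name, a newline-injecting branch tag.
    print(build_epic_description("{code}evil{code}", "main\nAssignee: attacker"))
```

The helper deliberately escapes rather than strips, so a legitimate branch such as `feature/login_fix` survives (with `_` rendered literally) while `[click|javascript:...]` or `{color}` input loses its markup meaning. Length bounding keeps a single field from turning the description into a multi-kilobyte payload.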
Approved
[sc-11825]