This advisory discloses a medium severity security vulnerability in the ActionableAgile for Jira plugin for Server and Data Center instances. All versions of this plugin up to and including 3.9.3.1 are affected by this vulnerability.

...

There is a cross-site scripting (XSS) vulnerability affecting the ActionableAgile for Jira (Server or Data Center) plugin that can potentially be exploited by xxx by xxx. In a successful exploitation of this vulnerability, an attacker could potentially execute arbitrary code on the system. XSS vulnerabilities allow an attacker to embed their own JavaScript into a page.

This vulnerability affects all versions up to and including 3.9.3.1. 

Acknowledgements

Thanks to xxx visat for finding and reporting this vulnerability via our Bug Bounty program hosted through BugCrowd.

...

Check whether your Jira Server/DC instance has the vulnerable plugin installed. To do this, go to your applications and search for the “ActionableAgile for Jira” plugin. If it is installed, check the version. If the version is less than 3.9.3.14, then the instance is vulnerable.

...

If you have questions or concerns regarding this advisory, please raise a support request via our support desk.

Last modified on May 10, 2021