[ST-202] INSECURE VERSION OF JQUERY - Workterra Jira

Details

Type: Enhancement
Status: Closed
Priority: Medium
Resolution: Done
Component/s: BenAdmin
Labels:
None

Module:
BenAdmin - Security
Reported by:
Support
Item State:
Production Complete - Closed
Issue Importance:
Must Have

Description

Impact
JQuery version 1.7.1 is vulnerable to an issue which that misinterprets selectors as HTML. Depending on the implementation, this misrepresentation could aid attackers in discovering or exploiting Cross-Site Scripting (XSS) attacks.

Page Impacted
https://www.workterra.net/BenAdmin/bundles/JQuery?v=GDyIzexPmDiBJ0URdNIHxEAx0xoaoH0x3SEjitOpW441

Verification and Attack Information
Praetorian confirmed this finding by looking up known exploits for jQuery libraries that the application leveraged.

Recommendation
Update jQuery libraries to the most recent version.

Attachments

Issue Links

relates to

ST-236 JQuery Migration : Un-linking old scripts and issues reproduce

Closed

ST-243 Reports Issues due to Jquery changes

Closed

WT-3230 Export > Unable to map fields on sub template due to issue on Field mapping page

Closed

WT-3231 Export > Sub Template > Edit Sub Template Field popup unable to Save/ Save and Close

Closed

WT-3342 Export > "Save & Add New" not working on subtemplate while adding new field

Closed

WT-3381 UI gets disturbed while repositioning the fields on Export AND import Subtemplate

Closed

WT-3433 ACA - JQuery issue on EIN Classes Mapping page

Closed

WT-3486 Unable to add /Update class on any company

Closed

WT-3506 Export > Data transformation UI issue

Closed

WT-3606 In Standard Reports, Report Branding Setting panel is scaled incorrectly.

Closed

(5 relates to)

Activity

Ascending order - Click to sort in descending order

Vijayendra Shinde (Inactive) created issue - 31/May/16 05:28 AM

Vijayendra Shinde (Inactive) made changes - 31/May/16 05:28 AM

Field	Original Value	New Value
Status	New Request [ 10029 ]	Pending for Approval [ 10002 ]

Vijayendra Shinde (Inactive) made changes - 31/May/16 05:28 AM

Status

Pending for Approval [ 10002 ]

Approved for Development [ 10003 ]

Vijayendra Shinde (Inactive) made changes - 31/May/16 05:28 AM

Status

Approved for Development [ 10003 ]

In Development [ 10007 ]

Vijayendra Shinde (Inactive) made changes - 31/May/16 05:28 AM

Assignee

Niteen Surwase [ niteen.surwase ]

Niteen Surwase (Inactive) made changes - 28/Jun/16 07:11 AM

Link

This issue relates to ~~ST-236~~ [ ~~ST-236~~ ]

Niteen Surwase (Inactive) made changes - 28/Jun/16 07:12 AM

Developer

Niteen Surwase [ niteen.surwase ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 07:28 AM

Link

This issue relates to ~~WT-3433~~ [ ~~WT-3433~~ ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 07:30 AM

Link

This issue relates to ~~WT-3381~~ [ ~~WT-3381~~ ]

Vijayendra Shinde (Inactive) made changes - 11/Jul/16 10:27 AM

Link

This issue relates to ~~ST-243~~ [ ~~ST-243~~ ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 11:52 AM

Link

This issue relates to ~~WT-3486~~ [ ~~WT-3486~~ ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 11:56 AM

Link

This issue relates to ~~WT-3231~~ [ ~~WT-3231~~ ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 11:57 AM

Link

This issue relates to ~~WT-3342~~ [ ~~WT-3342~~ ]

Niteen Surwase (Inactive) made changes - 11/Jul/16 11:58 AM

Link

This issue relates to ~~WT-3230~~ [ ~~WT-3230~~ ]

Niteen Surwase (Inactive) made changes - 18/Jul/16 05:33 AM

Link

This issue relates to ~~WT-3506~~ [ ~~WT-3506~~ ]

Niteen Surwase (Inactive) made changes - 18/Jul/16 05:49 AM

Assignee

Niteen Surwase [ niteen.surwase ]

Deepali Tidke [ deepalit ]

Niteen Surwase (Inactive) made changes - 18/Jul/16 08:38 AM

Item State

Parent values: Development(10200)Level 1 values: In Progress(10206)

Parent values: LB QA(10201)

Hide

Permalink

Deepali Tidke (Inactive) added a comment - 19/Jul/16 05:02 AM

Please look into this jira , this is parent jira for 4 attached sub jira's wherein 3 is with Aniruddha and 1 is with Priya.

Once child jiras are closed this jira can also be closed.

Show

Deepali Tidke (Inactive) added a comment - 19/Jul/16 05:02 AM Please look into this jira , this is parent jira for 4 attached sub jira's wherein 3 is with Aniruddha and 1 is with Priya. Once child jiras are closed this jira can also be closed.

Deepali Tidke (Inactive) made changes - 19/Jul/16 05:02 AM

Assignee

Deepali Tidke [ deepalit ]

Hrishikesh Deshpande [ hrishikesh.deshpande ]

Hrishikesh Deshpande (Inactive) made changes - 20/Jul/16 06:16 AM

Status

In Development [ 10007 ]

Local Testing [ 10200 ]

Hrishikesh Deshpande (Inactive) made changes - 02/Aug/16 06:05 AM

Item State

Parent values: LB QA(10201)

Parent values: Stage QA(10202)Level 1 values: In Testing(10214)

Hrishikesh Deshpande (Inactive) made changes - 02/Aug/16 06:05 AM

Status

Local Testing [ 10200 ]

Pending for Stage Approval [ 10300 ]

Hrishikesh Deshpande (Inactive) made changes - 02/Aug/16 06:05 AM

Status

Pending for Stage Approval [ 10300 ]

Approved for Stage [ 10030 ]

Hrishikesh Deshpande (Inactive) made changes - 02/Aug/16 06:05 AM

Status

Approved for Stage [ 10030 ]

Stage Testing [ 10201 ]

Niteen Surwase (Inactive) made changes - 03/Aug/16 07:01 AM

Link

This issue relates to ~~WT-3606~~ [ ~~WT-3606~~ ]

Niteen Surwase (Inactive) made changes - 03/Sep/16 09:36 AM

Item State

Parent values: Stage QA(10202)Level 1 values: In Testing(10214)

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Hide

Permalink

Niteen Surwase (Inactive) added a comment - 03/Sep/16 09:41 AM

Hi Hrishikesh Deshpande

CC: Vijayendra Shinde, Samir

Minified version of Jquery migration file is going on production.
Please make sure that JQuery is working all over project.

Show

Niteen Surwase (Inactive) added a comment - 03/Sep/16 09:41 AM Hi Hrishikesh Deshpande CC: Vijayendra Shinde , Samir Minified version of Jquery migration file is going on production. Please make sure that JQuery is working all over project.

Niteen Surwase (Inactive) made changes - 03/Sep/16 10:34 AM

Item State

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Ashwin Wankhede (Inactive) made changes - 03/Sep/16 12:23 PM

Item State

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)

Hrishikesh Deshpande (Inactive) made changes - 06/Sep/16 06:25 AM

Item State

Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)

Parent values: Production QA(10203)Level 1 values: In Testing(10218)

Hrishikesh Deshpande (Inactive) made changes - 06/Sep/16 06:25 AM

Status

Stage Testing [ 10201 ]

Pending for Production Approval [ 10301 ]

Hrishikesh Deshpande (Inactive) made changes - 06/Sep/16 06:25 AM

Status

Pending for Production Approval [ 10301 ]

Approved for production [ 10034 ]

Hrishikesh Deshpande (Inactive) made changes - 06/Sep/16 06:25 AM

Status

Approved for production [ 10034 ]

Production Testing [ 10202 ]

Ashwin Wankhede (Inactive) made changes - 06/Sep/16 12:58 PM

Item State

Parent values: Production QA(10203)Level 1 values: In Testing(10218)

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Hide

Permalink

Hrishikesh Deshpande (Inactive) added a comment - 07/Sep/16 12:38 PM

Niteen Surwase

At some pages we are getting below warning message. Please Check and revert JIRA to me in case this is not any issues.

JQuery?v=ViMkAeLAhvSUBhZYWgSG5B7cvNrLv_RJneRiMf9ggoc1:1 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience.

Thanks,
Hrishikesh.

CC : Vijayendra Shinde

Show

Hrishikesh Deshpande (Inactive) added a comment - 07/Sep/16 12:38 PM Niteen Surwase At some pages we are getting below warning message. Please Check and revert JIRA to me in case this is not any issues. JQuery?v=ViMkAeLAhvSUBhZYWgSG5B7cvNrLv_RJneRiMf9ggoc1:1 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. Thanks, Hrishikesh. CC : Vijayendra Shinde

Hrishikesh Deshpande (Inactive) made changes - 07/Sep/16 12:38 PM

Assignee

Hrishikesh Deshpande [ hrishikesh.deshpande ]

Niteen Surwase [ niteen.surwase ]

Hide

Permalink

Niteen Surwase (Inactive) added a comment - 07/Sep/16 12:54 PM

Hi Hrishikesh Deshpande

Please ignore this warning and refer following excelsheet from SVN to Ignore warning list for future
\WT\JQuery Migration\Errors-Warnings to Ignore.xls

CC: Vijayendra Shinde, Samir

Show

Niteen Surwase (Inactive) added a comment - 07/Sep/16 12:54 PM Hi Hrishikesh Deshpande Please ignore this warning and refer following excelsheet from SVN to Ignore warning list for future \WT\JQuery Migration\Errors-Warnings to Ignore.xls CC: Vijayendra Shinde , Samir

Niteen Surwase (Inactive) made changes - 07/Sep/16 12:54 PM

Assignee

Niteen Surwase [ niteen.surwase ]

Hrishikesh Deshpande [ hrishikesh.deshpande ]

Hrishikesh Deshpande (Inactive) made changes - 07/Sep/16 12:56 PM

Item State

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Parent values: Production Complete(10222)Level 1 values: Closed(10223)

Hrishikesh Deshpande (Inactive) made changes - 07/Sep/16 12:56 PM

Resolution		Fixed [ 1 ]
Status	Production Testing [ 10202 ]	Production Complete [ 10028 ]

Hide

Permalink

Hrishikesh Deshpande (Inactive) added a comment - 07/Sep/16 12:57 PM

Verified that JQuery is working on WT production site properly. No any issue observed and additional issues are closed.

Show

Hrishikesh Deshpande (Inactive) added a comment - 07/Sep/16 12:57 PM Verified that JQuery is working on WT production site properly. No any issue observed and additional issues are closed.

Hrishikesh Deshpande (Inactive) made changes - 07/Sep/16 12:57 PM

Status

Production Complete [ 10028 ]

Closed [ 6 ]

Transition	Time In Source Status	Execution Times

Vijayendra Shinde (Inactive) made transition - 31/May/16 05:28 AM

New Request

Pending for Approval

Vijayendra Shinde (Inactive) made transition - 31/May/16 05:28 AM

Pending for Approval

Approved for Development

Vijayendra Shinde (Inactive) made transition - 31/May/16 05:28 AM

Approved for Development

In Development

Hrishikesh Deshpande (Inactive) made transition - 20/Jul/16 06:16 AM

In Development

In LB Testing

50d 47m

Hrishikesh Deshpande (Inactive) made transition - 02/Aug/16 06:05 AM

In LB Testing

Pending for Stage Approval

12d 23h 49m

Hrishikesh Deshpande (Inactive) made transition - 02/Aug/16 06:05 AM

Pending for Stage Approval

Approved for Stage

Hrishikesh Deshpande (Inactive) made transition - 02/Aug/16 06:05 AM

Approved for Stage

Stage Testing

Hrishikesh Deshpande (Inactive) made transition - 06/Sep/16 06:25 AM

Stage Testing

Pending for Production Approval

35d 19m

Hrishikesh Deshpande (Inactive) made transition - 06/Sep/16 06:25 AM

Pending for Production Approval

Approved for production

Hrishikesh Deshpande (Inactive) made transition - 06/Sep/16 06:25 AM

Approved for production

In Production Testing

Hrishikesh Deshpande (Inactive) made transition - 07/Sep/16 12:56 PM

In Production Testing

Production Complete

1d 6h 31m

Hrishikesh Deshpande (Inactive) made transition - 07/Sep/16 12:57 PM

Production Complete

Closed

People

Assignee:: Hrishikesh Deshpande (Inactive)

Reporter:: Vijayendra Shinde (Inactive)

Developer:: Niteen Surwase (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 31/May/16 05:28 AM

Updated:: 07/Sep/16 12:57 PM

Resolved:: 07/Sep/16 12:56 PM