Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.6.0
Affects Version/s: None
Component/s: Security - Other
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

As pointed out in ~~STASH-5335~~, the
TemporaryAvatarController.save resource is vulnerable to CSRF. Currently there appears to be no impact of it being vulnerable except for making a user upload a temporary avatar file (which are periodically deleted).

Attachments

Issue Links

relates to

BSERV-5335 User avatar upload endpoint is vulnerable to XSRF

Closed

Is related to: SCT-1985 Loading...

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Marcin

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Oct/2014 1:32 AM

Updated:: 16/Feb/2017 2:07 AM

Resolved:: 06/Jan/2015 4:59 AM