As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use.

We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper functionality.

When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in our JSPs.
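
An added example, not part of the ticket and not Atlassian's code: a Python inventory script that flags JSPs which take POST forms or read request parameters but never reference an XSRF token, giving a starting list of pages to convert to actions or delete. The token parameter name `xsrf_token`, the function names and the sample JSPs are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: the name of the XSRF token parameter; the ticket does not name it.
TOKEN_FIELD = "xsrf_token"

# A POST form, or scriptlet code that reads request parameters, marks a JSP
# as able to change state and therefore in scope for the ticket.
POST_FORM = re.compile(r"<form\b[^>]*\bmethod\s*=\s*[\"']?post\b", re.I)
READS_PARAMS = re.compile(r"request\s*\.\s*getParameter(?:Values|Map)?\s*\(")
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)


def classify_jsp(source, token_field=TOKEN_FIELD):
    """Return 'static', 'token-referenced' or 'unprotected' for one JSP."""
    body = JSP_COMMENT.sub("", source)  # commented-out markup does not count
    if not (POST_FORM.search(body) or READS_PARAMS.search(body)):
        return "static"
    # A reference to the token is only a hint that a check exists, not proof.
    if re.search(r"\b" + re.escape(token_field) + r"\b", body):
        return "token-referenced"
    return "unprotected"


def audit_tree(root, token_field=TOKEN_FIELD):
    """Map each .jsp under root (relative path) to its classification."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): classify_jsp(
            p.read_text(encoding="utf-8", errors="replace"), token_field)
        for p in sorted(root.rglob("*.jsp"))
    }


# Constructed sample pages, not taken from Confluence.
SAMPLES = {
    "admin/flush.jsp": '<form method="POST" action="flush.jsp">'
                       '<input type="submit" value="Flush"/></form>',
    "admin/mail.jsp": '<% String to = request.getParameter("to"); %>'
                      '<%-- xsrf_token check was planned here --%>',
    "admin/reindex.jsp": '<form method="post"><input type="hidden" '
                         'name="xsrf_token" value="${token}"/></form>',
    "admin/about.jsp": "<html><body>Build info</body></html>",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{classify_jsp(src):17} {name}")
```

Pages reported as `token-referenced` still need a manual look, since the script only sees that the token name appears, not that it is validated server-side.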

[CONFSERVER-22707] Admin JSPs don't have XSRF protection

            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25262 [ CONFSERVER-25262 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25263 [ CONFSERVER-25263 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25264 [ CONFSERVER-25264 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25266 [ CONFSERVER-25266 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25267 [ CONFSERVER-25267 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25269 [ CONFSERVER-25269 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25270 [ CONFSERVER-25270 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25271 [ CONFSERVER-25271 ]
            set-jac-bot made changes -
            Link New: This issue details CONFSERVER-25272 [ CONFSERVER-25272 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2889896 ] New: CONFSERVER Bug Workflow v4 [ 2982259 ]

              xtaixe Xavier Sanchez
              matt@atlassian.com Matt Ryall