Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.3.6
Affects Version/s: 3.5.13, 4.2
Component/s: None
Labels:
Environment:

standalone

CVSS Score:
5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

When checking the application for security leaks, I found that the actions doeditpage, domovepage and docreatepage explicitly set the requireSecurityToken=false in the xwork.xml. This could be a possible leak in an attack scenario. Is there a reason, why these actions should not require the security token, perhaps incompatibilities,...?

Attachments

Issue Links

mentioned in: Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: Chii

Reporter:: Michael Ammann

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 19/Oct/2011 11:45 AM

Updated:: 11/Oct/2018 9:00 AM

Resolved:: 16/Jan/2013 3:47 AM