logout.action is not protected against XSRF - CVE-2012-6342


Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that log out the user via a comment.

Assignee: Unassigned
Reporter: Robert Gilbert
Votes: 0
Watchers: 3
