  1. Jira Data Center
  2. JRASERVER-27786

/secure/admin/jira/AcknowledgeTask.jspa is an open redirect


Details

    Description

      The AcknowledgeTask.jspa page found under
      http://$HOST/secure/admin/jira/AcknowledgeTask.jspa
      can be used to redirect users to another page on the internet and possibly used to create a non-persistent XSS flaw.

      Here is an example URL which will direct a user to http://google.com:

      http://$HOST/secure/admin/jira/AcknowledgeTask.jspa?taskId=2&destinationURL=http://google.com?%3B%3F&Acknowledge=Acknowledge

            People

              edalgliesh Eric Dalgliesh
              dblack David Black
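
An added example, not part of the original issue and not Atlassian's fix: one way a server could validate a `destinationURL`-style parameter before redirecting, accepting only local paths or URLs on a single allowed origin. The origin `jira.example.internal` and both function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the one origin this instance may redirect to (constructed placeholder).
ALLOWED_ORIGIN = ("https", "jira.example.internal")


def is_safe_redirect(target, allowed_origin=ALLOWED_ORIGIN):
    """Return True only for a local absolute path or a URL on the allowed origin."""
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False  # empty, or whitespace/control characters that browsers strip
    if "\\" in target:
        return False  # browsers read "\" as "/", so "/\host" would leave the site
    try:
        parts = urlsplit(target)
    except ValueError:
        return False  # malformed authority, e.g. an unterminated IPv6 literal
    if not parts.scheme and not parts.netloc:
        # Local reference: exactly one leading slash. "//host" and "///host"
        # are resolved by browsers as a different host, so they are rejected.
        return target.startswith("/") and not target.startswith("//")
    # Anything with a scheme or authority must match the allowed origin exactly;
    # this also rejects javascript:/data: targets, userinfo ("a@b") and other ports.
    return (parts.scheme.lower(), parts.netloc.lower()) == allowed_origin


def redirect_param_is_safe(request_url, param="destinationURL"):
    """Check every value of the redirect parameter in a request URL.

    Returns True when the parameter is absent, since no redirect is requested.
    """
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    return all(is_safe_redirect(v) for v in values)


if __name__ == "__main__":
    # The example URL from the issue description above.
    reported = ("http://$HOST/secure/admin/jira/AcknowledgeTask.jspa"
                "?taskId=2&destinationURL=http://google.com?%3B%3F"
                "&Acknowledge=Acknowledge")
    print("reported URL passes validation:", redirect_param_is_safe(reported))
```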