Details
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
The jsp located at /views/importall_result.jsp logs users out without any confirmation (csrf logout!) and it shouldn't do so without user confirmation.
Attachments
Issue Links
- relates to
-
JRACLOUD-28073 Import Results action / jsp is susceptible to XSRF
- Closed