Details
- Bug
- Resolution: Fixed
- Low
- 6.0
- None
- 6
- 5
Description
Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example:
- SaveFilterResource: Allow XSRF attack to change user's filter.
- SuppressedTipsResource
- UserSearchModeResource
- PreferredSearchLayoutResource
- IssueTableResource: Allow XSRF attack to change the user's current search.
*...
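The reason the "x-www-form-urlencoded" detail matters is that a plain HTML form on any origin can submit such a body to the resource, and the browser will attach the victim's session cookies; a JSON body cannot be sent by a simple form. A resource that honours the form body without comparing a submitted token against the one bound to the session is therefore open to cross-site requests. The following is an added illustration written for this page, not JIRA's or the Navigator plugin's code: it models a SaveFilterResource-style handler in its unchecked form beside a version guarded by a per-session XSRF token check, and runs a legitimate request and a forged cross-site form post through both. The field name `xsrf_token`, header `X-XSRF-Token`, path `/rest/navigator/filter` and the in-memory `Session`/`Request` types are assumptions made up for the example.

```python
"""Illustrative XSRF token check for mutative form-urlencoded requests.

Added example (not the Navigator plugin's own code). Names below are assumed.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

MUTATIVE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
FORM_URLENCODED = "application/x-www-form-urlencoded"
TOKEN_FIELD = "xsrf_token"       # hypothetical form field carrying the token
TOKEN_HEADER = "X-XSRF-Token"    # hypothetical header alternative for XHR callers


@dataclass
class Session:
    """Server-side session; the XSRF token is generated per session and never
    readable by another origin (only the app's own pages can embed it)."""
    user: str
    xsrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for the example)."""
    method: str
    path: str
    content_type: str
    session: Optional[Session] = None          # resolved from the cookie
    form: dict = field(default_factory=dict)   # parsed form-urlencoded body
    headers: dict = field(default_factory=dict)


def submitted_token(req: Request) -> Optional[str]:
    """Token may arrive in the form body (HTML forms) or a header (XHR)."""
    return req.form.get(TOKEN_FIELD) or req.headers.get(TOKEN_HEADER)


def xsrf_check(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every mutative request must carry the
    session's token; content type is deliberately not consulted."""
    if req.method.upper() not in MUTATIVE_METHODS:
        return True, "safe method"
    if req.session is None:
        return False, "no session"
    token = submitted_token(req)
    if token is None:
        return False, "missing xsrf token"
    # Constant-time compare; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(token.encode("utf-8"),
                               req.session.xsrf_token.encode("utf-8")):
        return False, "xsrf token mismatch"
    return True, "ok"


def vulnerable_save_filter(req: Request, store: dict) -> int:
    """Behaviour the report describes: any POST with a form body is honoured."""
    store[req.session.user] = req.form["filter"]
    return 200


def fixed_save_filter(req: Request, store: dict) -> int:
    """Same handler with the token check applied before the mutation."""
    allowed, _reason = xsrf_check(req)
    if not allowed:
        return 403
    store[req.session.user] = req.form["filter"]
    return 200


def demo() -> dict:
    """Run a legitimate and a forged request through both handlers."""
    session = Session(user="alice")
    # Legitimate in-app submission: the page embedded the session's token.
    legit = Request("POST", "/rest/navigator/filter", FORM_URLENCODED, session,
                    form={"filter": "mine", TOKEN_FIELD: session.xsrf_token})
    # Cross-site auto-submitted form: cookies ride along so the session
    # resolves, but the other origin cannot read the token, so none is sent.
    forged = Request("POST", "/rest/navigator/filter", FORM_URLENCODED, session,
                     form={"filter": "attacker-chosen"})

    vuln_store: dict = {}
    vulnerable_save_filter(legit, vuln_store)
    vuln_forged_status = vulnerable_save_filter(forged, vuln_store)

    fixed_store: dict = {}
    fixed_legit_status = fixed_save_filter(legit, fixed_store)
    fixed_forged_status = fixed_save_filter(forged, fixed_store)

    return {
        "vulnerable_forged_status": vuln_forged_status,
        "vulnerable_store": vuln_store["alice"],
        "fixed_legit_status": fixed_legit_status,
        "fixed_forged_status": fixed_forged_status,
        "fixed_store": fixed_store["alice"],
    }


if __name__ == "__main__":
    print(demo())
```

The check keys off the HTTP method rather than the content type, so a resource cannot be reached by switching the body encoding, and the token is compared with `hmac.compare_digest` so its validation does not leak timing. The unchecked handler overwrites the user's filter with the attacker-chosen value; the guarded one returns 403 and leaves the legitimate value in place.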
Attachments
Issue Links
- is cloned from JRADEV-23176
- testing discovered JRADEV-19275