Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.0.6
Affects Version/s: 6.0
Component/s: None
Labels:

Introduced in Version:
6
CVSS Score:
5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example:

SaveFilterResource: Allow XSRF attack to change user's filter.
SuppressedTipsResource
UserSearchModeResource
PreferredSearchLayoutResource
IssueTableResource: Allow XSRF attack to change the user's current search.
*...

Attachments

Issue Links

is cloned from: JRADEV-23176 Loading...

testing discovered: JRADEV-19275 Loading...

Activity

People

Assignee:: Eric Dalgliesh

Reporter:: bain

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Jul/2013 8:18 AM

Updated:: 28/Mar/2019 12:10 AM

Resolved:: 06/Aug/2013 1:23 AM