Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
3.5
-
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
The JIRA issue collector REST API is vulnerable to CSRF:
curl -X POST 'https://example.com/rest/collectors/1.0/template/custom/<collector_id>' --data 'pid=<project_id>&summary=testwithcurl&description=mydesc'
Attachments
Issue Links
- relates to
-
JRACLOUD-44198 CSRF vulnerability in the issue collector
- Closed
- mentioned in
-
Page Loading...