- Bug
- Resolution: Fixed
- Low
- None
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
We have identified and fixed 2 open redirect vulnerabilities that affect JIRA instances, including publicly available instances (that is, Internet-facing servers).
Parameter-based redirection vulnerabilities allow an attacker to craft a JIRA URL in such a way that a user clicking on this URL will be redirected to a different web site. This can be used for phishing.
These vulnerabilities affect JIRA 4.3.3 and above, and have been fixed in JIRA 5.1.1.
More information is available in the advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28
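The fix for this class of bug is to validate the redirect target on the server before issuing the redirect. The sketch below is an added example, not Atlassian's code or the actual JIRA fix; the function name, the allowed host `jira.example.com`, the fallback path and the sample values are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only host this deployment may redirect to (constructed value).
ALLOWED_HOSTS = frozenset({"jira.example.com"})
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `target` if it stays on an allowed host, otherwise `fallback`."""
    if not target or target != target.strip():
        return fallback
    # Browsers drop tabs/newlines inside URLs and treat "\" like "/", so a value
    # containing either can be read differently by the browser than by this parser.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return fallback
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Site-relative value: accept only a path with exactly one leading slash.
        # "//host/..." is scheme-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    # Absolute URL: the scheme and the parsed host must both be on the allow-list.
    if parts.scheme in ("http", "https") and host in allowed_hosts:
        return target
    return fallback


if __name__ == "__main__":
    # Constructed sample values for a hypothetical redirect parameter.
    for sample in [
        "/projects/demo?tab=open",
        "https://jira.example.com/projects/demo",
        "//phish.example/login",
        "https://jira.example.com@phish.example/",
    ]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Comparing the parsed hostname against an allow-list, rather than checking that the string starts with or contains the site's name, is what rejects look-alike values such as a trusted name placed in the userinfo part or used as a subdomain prefix.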
- is related to
- JRASERVER-29400 Open Redirect vulnerabilities
- Closed