- Bug
- Resolution: Fixed
- Low
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
We have identified and fixed a cross-site request forgery (XSRF) vulnerability that affects JIRA instances, including publicly available instances (that is, Internet-facing servers).
The XSRF vulnerability relates to commenting on issues. An attacker might take advantage of the vulnerability to make other users post issue comments of the attacker's choice.
You can read more about XSRF attacks at http://www.cgisecurity.com/csrf-faq.html and other places on the web.
This vulnerability affects JIRA 4.2 and above, and has been fixed in JIRA 5.1.
More information is available in the advisory at http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28
- is related to
- JRASERVER-29401 Cross-Site Request Forgery vulnerability
- Closed