  1. Jira Cloud
  2. JRACLOUD-29401

Cross-Site Request Forgery vulnerability

Details

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      We have identified and fixed a cross-site request forgery (XSRF) vulnerability that affects JIRA instances, including publicly available instances (that is, Internet-facing servers).

      The XSRF vulnerability relates to commenting on issues. An attacker might take advantage of the vulnerability to make other users post issue comments of the attacker's choice.

      You can read more about XSRF attacks at http://www.cgisecurity.com/csrf-faq.html and other places on the web.

      This vulnerability affects JIRA 4.2 and above, and has been fixed in JIRA 5.1.

      More information is available in the advisory at http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28

            People

              vosipov VitalyA