Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-29401

Cross-Site Request Forgery vulnerability

XMLWordPrintable

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      We have identified and fixed a cross-site request forgery (XSRF) vulnerability that affects JIRA instances, including publicly available instances (that is, Internet-facing servers).

      The XSRF vulnerability relates to commenting on issues. An attacker might take advantage of the vulnerability to make other users to post issue comments of his choice.

      You can read more about XSRF attacks at http://www.cgisecurity.com/csrf-faq.html and other places on the web.

      This vulnerability affects JIRA 4.2 and above, and has been fixed in JIRA 5.1

      More information is available in the advisory at http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28

              vosipov VitalyA
              vosipov VitalyA
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: