REST API attachment request still works with wrong/expired cookie

XMLWordPrintable

    • 1
    • Severity 2 - Major

      Summary

      If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code.

      Environment

      JIRA v1000.892.2

      Steps to Reproduce

      1. Use Cookie Based Authentication using a wrong/expired cookie
      2. Perform a REST API to get attachment {code}https://instance.atlassian.net/rest/api/2/attachment/\{id}{code}

      Expected Results

      • If you are using a wrong/expired cookie it should not return results.

      Actual Results

      • Using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code.

              Assignee:
              Unassigned
              Reporter:
              Janice Alor (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: