/secure/admin/jira/AcknowledgeTask.jspa is an open redirect


    • 5
    • 4.3

      The AcknowledgeTask.jspa page found under
      http://$HOST/secure/admin/jira/AcknowledgeTask.jspa
      can be used to redirect users to another page on the internet and possibly used to create a non-persistent XSS flaw.

      Here is an example URL which will direct a user to http://google.com

      http://$HOST/secure/admin/jira/AcknowledgeTask.jspa?taskId=2&destinationURL=http://google.com?%3B%3F&Acknowledge=Acknowledge

              Assignee:
              Eric Dalgliesh
              Reporter:
              David Black
              Votes:
              0
              Watchers:
              10

                Created:
                Updated:
                Resolved:
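
One way to check redirect targets of the kind reported above, and to find requests that pass an off-site destinationURL to this page. This is an added example, not code from the issue or from the JIRA code base. The function names, the host jira.example.test, the sample requests and the "same-site paths only" policy are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/secure/admin/jira/AcknowledgeTask.jspa"  # path named in the report
PARAM = "destinationURL"                               # parameter named in the report

def is_local_target(target):
    """Assumed policy: a redirect target must be a path on the same site."""
    # Browsers drop tabs/newlines and treat "\" like "/", so reject them up front.
    if not target or any(c in target for c in "\\\r\n\t"):
        return False
    # Must be an absolute path; "//host" is scheme-relative and leaves the site.
    if not target.startswith("/") or target.startswith("//"):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""

def offsite_redirects(request_urls):
    """Return the request URLs that pass a non-local target to ENDPOINT."""
    hits = []
    for url in request_urls:
        parts = urlsplit(url)
        if not parts.path.endswith(ENDPOINT):  # tolerate a context-path prefix
            continue
        targets = parse_qs(parts.query).get(PARAM, [])
        if any(not is_local_target(t) for t in targets):
            hits.append(url)
    return hits

# Constructed sample requests (jira.example.test is a placeholder host).
BASE = "http://jira.example.test" + ENDPOINT
SAMPLE_REQUESTS = [
    BASE + "?taskId=2&destinationURL=http://google.com?%3B%3F&Acknowledge=Acknowledge",
    BASE + "?taskId=2&destinationURL=/secure/Dashboard.jspa&Acknowledge=Acknowledge",
    BASE + "?taskId=3&destinationURL=%2F%2Fgoogle.com&Acknowledge=Acknowledge",
]

if __name__ == "__main__":
    for hit in offsite_redirects(SAMPLE_REQUESTS):
        print("off-site destinationURL:", hit)
```

The same predicate can serve both as the server-side check before issuing the redirect and as a filter over request URLs taken from access logs.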