  1. Jira Cloud
  2. JRACLOUD-29401

Cross-Site Request Forgery vulnerability


      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      We have identified and fixed a cross-site request forgery (XSRF) vulnerability that affects JIRA instances, including publicly available instances (that is, Internet-facing servers).

      The XSRF vulnerability relates to commenting on issues. An attacker might take advantage of the vulnerability to make other users post issue comments of the attacker's choice.

      You can read more about XSRF attacks at http://www.cgisecurity.com/csrf-faq.html and other places on the web.

      This vulnerability affects JIRA 4.2 and above, and has been fixed in JIRA 5.1.

      More information is available in the advisory at http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28

            vosipov VitalyA