Loading...

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.0.6
Affects Version/s: 6.0
Component/s: None
Labels:

Introduced in Version:
6
CVSS Score:
5

Most of the REST resources in the Navigator plugin accept "x-www-form-urlencoded" bodies but do not check for an XSRF token when making mutative changes. For example:

SaveFilterResource: Allow XSRF attack to change user's filter.
SuppressedTipsResource
UserSearchModeResource
PreferredSearchLayoutResource
IssueTableResource: Allow XSRF attack to change the user's current search.
*...

is cloned from: JRADEV-23176 Loading...

testing discovered: JRADEV-19275 Loading...

Assignee:: Eric Dalgliesh
Reporter:: bain
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 11/Jul/2013 8:18 AM
Updated:: 28/Mar/2019 12:10 AM
Resolved:: 06/Aug/2013 1:23 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates