CSRF vulnerability in the issue collector

XMLWordPrintable

    • 3.5

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      The JIRA issue collector REST API is vulnerable to CSRF:

      curl -X POST 'https://example.com/rest/collectors/1.0/template/custom/<collector_id>' --data 'pid=<project_id>&summary=testwithcurl&description=mydesc'

              Assignee:
              Piotr Klimkowski (Inactive)
              Reporter:
              Luis Miranda (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: