Embedding JSD Widget on web page, first cookie set to ajs_group_id=null

XMLWordPrintable

      Issue Summary

      When embedding a JSD Widget on a webpage will result in a
      ajs_group_id=null cookie being set. According to https://www.briskinfosec.com/blogs/blogsdetail/Null-Byte-SQL-Injection having the first cookie value set to null could sometimes be a bad thing.

      In cases where the AWS SQLi protection rule is used, it will cause the Jira widget to get blocked due to having the first cookie ajs_group_id having a value of "null".

      Workaround

      There is currently no known method to bypass this AWS rule, which seems to be a false positive.

            Assignee:
            Unassigned
            Reporter:
            Paulo F. (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: