Uploaded image for project: 'Jira Software Cloud'
  1. Jira Software Cloud
  2. JSWCLOUD-5676

GH Webwork actions are vulnerable to XSRF.

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      GHCreateNewIssue.jspa is not protected against XSRF attacks.
      Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa.

      Attachments

        Issue Links

          has a derivative of

          Bug - A problem which impairs or prevents the functions of the product. JSWCLOUD-6355 XSRF in com.pyxis.greenhopper.jira.actions.VersionBoardAction

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JSWCLOUD-6356 XSRF com.pyxis.greenhopper.jira.actions.TaskBoardAction

          • High - High priority issues
          • Closed

          Activity

            People

              mtokar Michael Tokar
              dblack David Black
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: