-
Type:
Suggestion
-
Resolution: Done
-
Component/s: None
GHCreateNewIssue.jspa is not protected against XSRF attacks.
Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa.
- has a derivative of
-
JSWCLOUD-6355 XSRF in com.pyxis.greenhopper.jira.actions.VersionBoardAction
-
- Closed
-
-
-
- Closed
-
1.
|
Add XSRF protection to LicenseAction |
|
Closed | Unassigned |
2.
|
Add XSRF protection to ConfigurationAction and subclasses (Global and Project) for all page pop methods |
|
Closed | Unassigned |
3.
|
Add XSRF protection to SetIssueDisplay on CardBoardAction |
|
Closed | Unassigned |