Details
-
Suggestion
-
Resolution: Done
-
None
Description
GHCreateNewIssue.jspa is not protected against XSRF attacks.
Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa.
Attachments
Issue Links
- has a derivative of
-
JSWCLOUD-6355 XSRF in com.pyxis.greenhopper.jira.actions.VersionBoardAction
- Closed
-
JSWCLOUD-6356 XSRF com.pyxis.greenhopper.jira.actions.TaskBoardAction
- Closed
1.
|
Add XSRF protection to LicenseAction | Closed | Unassigned | |
2.
|
Add XSRF protection to ConfigurationAction and subclasses (Global and Project) for all page pop methods | Closed | Unassigned | |
3.
|
Add XSRF protection to SetIssueDisplay on CardBoardAction | Closed | Unassigned |