[JSWCLOUD-5778] Add XSRF protection to ConfigurationAction and subclasses (Global and Project) for all page pop methods

Type: Sub-task
Resolution: Fixed
Priority: Low
Fix Version/s: 6.0.4
Affects Version/s: None
Component/s: None
Labels:

Form Name

Peter Obara added a comment - 06/Sep/2012 4:47 AM

GlobalConfigurationActions still vulnerable - missing RequiresXSRFCheck annotation

Peter Obara added a comment - 06/Sep/2012 4:47 AM GlobalConfigurationActions still vulnerable - missing RequiresXSRFCheck annotation

jhinch (Atlassian) added a comment - 05/Sep/2012 1:14 AM

The following URLs should now be protected:

Project Configuration

SetDefaultLayout.jspa
ApplyLayoutToAll.jspa
SetCorner.jspa
DefaultCardColor.jspa
ResetStepDefinition.jspa

Global Configuration

GHSetDefaultLayout.jspa
GHApplyLayoutToAll.jspa
GHSetCorner.jspa
GHDefaultCardColor.jspa
GHResetStepDefinition.jspa

jhinch (Atlassian) added a comment - 05/Sep/2012 1:14 AM The following URLs should now be protected: Project Configuration SetDefaultLayout.jspa ApplyLayoutToAll.jspa SetCorner.jspa DefaultCardColor.jspa ResetStepDefinition.jspa Global Configuration GHSetDefaultLayout.jspa GHApplyLayoutToAll.jspa GHSetCorner.jspa GHDefaultCardColor.jspa GHResetStepDefinition.jspa

David Black added a comment - 31/Aug/2012 6:11 AM

CVSS score: 5 => Medium severity

Exploitability Metrics

AccessVector	Network
AccessComplexity	Low
Authentication	None

Impact Metrics

ConfImpact	None
IntegImpact	Partial
AvailImpact	None

See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator.

David Black added a comment - 31/Aug/2012 6:11 AM CVSS score: 5 => Medium severity Exploitability Metrics AccessVector Network AccessComplexity Low Authentication None Impact Metrics ConfImpact None IntegImpact Partial AvailImpact None See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator.

Assignee:: Unassigned

Reporter:: jhinch (Atlassian)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 30/Aug/2012 3:01 AM

Updated:: 29/Aug/2019 12:49 AM

Resolved:: 12/Sep/2012 3:46 AM

Details

Attachments

Forms

Activity

Collapse comment: Peter Obara added a comment - 06/Sep/2012 4:47 AM

Expand comment: Peter Obara added a comment - 06/Sep/2012 4:47 AM

Collapse comment: jhinch (Atlassian) added a comment - 05/Sep/2012 1:14 AM

Project Configuration

Global Configuration

Expand comment: jhinch (Atlassian) added a comment - 05/Sep/2012 1:14 AM

Collapse comment: David Black added a comment - 31/Aug/2012 6:11 AM

Expand comment: David Black added a comment - 31/Aug/2012 6:11 AM

People

Dates