Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-20347

Moving an issue in a Kanban board causing logging to atlassian-jira-security.log.

XMLWordPrintable

      Issue Summary

      Jira is logging in the atlassian-jira-security.log when you move an issue in Kanban board.

      Steps to Reproduce

      1. Install default instance
      2. Create Kanban project
      3. Create new Issue for Project (I used bug).
      4. Move the issue in the Kanban board to anywhere.

      The following line is logged in the atlassian-jira-security.log

      Expected Results

      Nothing should be logged as nothing is installed that is doing anything.

      Actual Results

      The below is logged in the atlassian-jira-security.log file:

      2019-12-03 10:59:43,920 http-nio-8080-exec-9 jiraadmin 659x2200x1 e0xw74 0:0:0:0:0:0:0:1 /secure/WorkflowUIDispatcher.jspa Potential malicious redirect detected:
      

      Notes

      Occasionally when replicating this issue users may experience a xsrf security token missing error in the UI and in the atlassian-jira.log file looking like the following and logged exact at the same time as the one logged in the security logs:

      2020-01-28 13:45:49,326 http-nio-8080-exec-165 INFO admin 825x20446011x1 ydgg8i x.x.x.x,x.x.x.x /secure/WorkflowUIDispatcher.jspa [c.a.j.web.action.XsrfErrorAction] The security token is missing for 'admin'. User-Agent : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0'
      

      Workaround

      Required, I have not found any way to stop it currently.

              pcegla Pawel Cegla
              estorch Eric Storch (Inactive)
              Votes:
              19 Vote for this issue
              Watchers:
              42 Start watching this issue

                Created:
                Updated:
                Resolved: