[JSWSERVER-20347] Moving an issue in a Kanban board causing logging to atlassian-jira-security.log.

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 8.5.5, 8.9.0, 8.8.2
Affects Version/s: 8.4.0, 8.4.1, 8.6.0, 8.6.1, 8.5.3, 8.5.5, 8.8.1
Component/s: Board configuration
Labels:
- raid
- warranty

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.04
Support reference count:
11
Symptom Severity:
Severity 2 - Major
UIS:
30
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Jira is logging in the atlassian-jira-security.log when you move an issue in Kanban board.

Steps to Reproduce

Install default instance
Create Kanban project
Create new Issue for Project (I used bug).
Move the issue in the Kanban board to anywhere.

The following line is logged in the atlassian-jira-security.log

Expected Results

Nothing should be logged as nothing is installed that is doing anything.

Actual Results

The below is logged in the atlassian-jira-security.log file:

2019-12-03 10:59:43,920 http-nio-8080-exec-9 jiraadmin 659x2200x1 e0xw74 0:0:0:0:0:0:0:1 /secure/WorkflowUIDispatcher.jspa Potential malicious redirect detected:

Notes

Occasionally when replicating this issue users may experience a xsrf security token missing error in the UI and in the atlassian-jira.log file looking like the following and logged exact at the same time as the one logged in the security logs:

2020-01-28 13:45:49,326 http-nio-8080-exec-165 INFO admin 825x20446011x1 ydgg8i x.x.x.x,x.x.x.x /secure/WorkflowUIDispatcher.jspa [c.a.j.web.action.XsrfErrorAction] The security token is missing for 'admin'. User-Agent : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0'

Workaround

Required, I have not found any way to stop it currently.

is related to

JSWSERVER-20681 Moving an issue in a Kanban board causing logging to atlassian-jira.log Occasionally

Gathering Impact

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

relates to: RAID-1706 You do not have permission to view this issue; RAID-1774 Loading...; RAID-1922 Loading...

(2 relates to)

Mateusz Marzęcki added a comment - 05/May/2020 10:49 AM

Diego, Dana,

the fix has been backported and will be available since 8.5.5.

Greetings,

Mateusz

Mateusz Marzęcki added a comment - 05/May/2020 10:49 AM Diego, Dana, the fix has been backported and will be available since 8.5.5. Greetings, Mateusz

Dana Jansen added a comment - 21/Apr/2020 9:09 PM

We really need this back ported to 8.5 ER

Dana Jansen added a comment - 21/Apr/2020 9:09 PM We really need this back ported to 8.5 ER

Diego Baeza (Inactive) added a comment - 10/Apr/2020 2:44 PM

pcegla are we backporting this to 8.5 ER?

Thanks

Diego Baeza (Inactive) added a comment - 10/Apr/2020 2:44 PM pcegla are we backporting this to 8.5 ER? Thanks

Assignee:: Pawel Cegla

Reporter:: Eric Storch (Inactive)

Affected customers:: 19 This affects my team

Watchers:: 42 Start watching this issue

Created:: 03/Dec/2019 5:08 PM

Updated:: 27/Jan/2025 5:17 PM

Resolved:: 20/May/2020 8:43 AM

Jira Software Data Center

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Notes

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Mateusz Marzęcki added a comment - 05/May/2020 10:49 AM

Expand comment: Mateusz Marzęcki added a comment - 05/May/2020 10:49 AM

Collapse comment: Dana Jansen added a comment - 21/Apr/2020 9:09 PM

Expand comment: Dana Jansen added a comment - 21/Apr/2020 9:09 PM

Collapse comment: Diego Baeza (Inactive) added a comment - 10/Apr/2020 2:44 PM

Expand comment: Diego Baeza (Inactive) added a comment - 10/Apr/2020 2:44 PM

People

Dates

Backbone Issue Sync