Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Done
Fix Version/s: None
Component/s: None
Labels:

Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

GHCreateNewIssue.jspa is not protected against XSRF attacks.
Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa.

Attachments

Issue Links

details

JSWSERVER-5777 Add XSRF protection to LicenseAction

Closed

JSWSERVER-5778 Add XSRF protection to ConfigurationAction and subclasses (Global and Project) for all page pop methods

Closed

JSWSERVER-5779 Add XSRF protection to SetIssueDisplay on CardBoardAction

Closed

has a derivative of

JSWSERVER-6355 XSRF in com.pyxis.greenhopper.jira.actions.VersionBoardAction

Closed

JSWSERVER-6356 XSRF com.pyxis.greenhopper.jira.actions.TaskBoardAction

Closed

Activity

People

Assignee:: Michael Tokar

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Aug/2012 6:19 AM

Updated:: 19/Sep/2019 5:59 AM

Resolved:: 23/Oct/2012 11:48 AM