Details
-
Suggestion
-
Resolution: Done
-
None
-
None
Description
GHCreateNewIssue.jspa is not protected against XSRF attacks.
Impact: It is possible for an attacker to make a victim create new issues on the victim's JIRA instance through this bug in GHCreateNewIssue.jspa.
Attachments
Issue Links
- details
-
JSWSERVER-5777 Add XSRF protection to LicenseAction
- Closed
-
JSWSERVER-5778 Add XSRF protection to ConfigurationAction and subclasses (Global and Project) for all page pop methods
- Closed
-
JSWSERVER-5779 Add XSRF protection to SetIssueDisplay on CardBoardAction
- Closed
- has a derivative of
-
JSWSERVER-6355 XSRF in com.pyxis.greenhopper.jira.actions.VersionBoardAction
- Closed
-
JSWSERVER-6356 XSRF com.pyxis.greenhopper.jira.actions.TaskBoardAction
- Closed