[XPORTER-3179] Site-wide CSRF on Xporter actions and pages - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.0.0
Fix Version/s: 6.3.4
Component/s: App Settings, Security
Labels:
- security_vulnerability_high

Requirement Status:
OK
- 1

Description

Site-wide CSRF on admin settings page:

1. Login to your Jira instance
2. Click on the gear icon top right corner, and select Manage Apps
3. In the left menu, click on Global Settings
4. Change any of the settings and notice that no CSRF protection is in place.
5. Check any POST request to /secure/admin/views/Xporter* and notice that no CSRF protection is in place.

All the actions must be reviewed including action regarding Xporter Project level configuration.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Rui Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Feb/20 4:01 PM

Updated:: 28/Apr/20 3:29 PM

Resolved:: 28/Apr/20 3:29 PM

Time Tracking

Estimated:

Remaining:

Logged:

1w 10m