[XRAY-4740] Site-wide CSRF protection - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: R3.5.3
Fix Version/s: 4.1.0
Component/s: Administration, REST_API, Security
Labels:

Requirement Status:
OK
- 1

Description

Site-wide CSRF on admin settings page:

Endpoints confirmed too be vulnerable:
POST /secure/admin/views/XrayIssueTypeMappingConfiguration!save.jspa
POST /secure/admin/views/XrayRequirementCoverageConfiguration!save.jspa
POST /secure/admin/views/XrayTestStatusConfiguration!save.jspa
POST /secure/admin/views/XrayTestStatusConfiguration!delete.jspa
POST /secure/admin/views/XrayTestStatusConfiguration!savePrefs.jspa
POST /secure/admin/views/XrayColumnLayoutConfiguration!save.jspa
POST /secure/admin/views/XrayCustomFieldConfiguration!save.jspa

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Hugo Braz [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 27/Nov/19 11:21 AM

Updated:: 21/Oct/20 3:53 PM

Resolved:: 21/Oct/20 3:53 PM

Time Tracking

Estimated:

Remaining:

Logged:

4w 2d 5h