[CSRF][Security] External share Confluence leads to adding comments arbitrarily on behalf of the admin.

Description

Activity

Parsa Shiva 20 September 2022, 15:55

@Kamil Zarychta Fix Verified for Jira as well - QA environment.

Unable to land a comment via Postman.

Parsa Shiva 20 September 2022, 10:42

@Kamil Zarychta Fix verified - QA environment.

I was unable to repeat the same process using the Postman method; I got the “200 OK” response but was unable to successfully land a comment.

Kamil Zarychta 20 September 2022, 07:15

@Parsa Shiva I released a new version of CES and deployed it on https://kzarychta-confluence-latest.klab.resolution.de/

user: admin

pass: just4lab!

Please verify the fix for CSRF.