CSRF protection on my deployment

Edmon Uyan April 5, 2018

Hi all,

I have the following set up:

  • Crowd 2.8.3 (Build:#648 - 2015-06-01)
  • JIRA (v7.4.2#74004-sha1:586975d)
  • Confluence 5.5.2
  • Stash v3.8.0

Upon doing a penetration test, I found out that, except for Crowd, the rest (JIRA, Confluence, Stash) are vulnerable to Cross-Site Request Forgery attacks. It was recommended to me (by the pen test) that a unique token that guarantees freshness of submitted data be added to all web application elements that can affect business logic.

I saw this document about CSRF protection with Atlassian products. I don't know where (or how) to start on implementing this with my setup above.

I am, however, avoiding upgrading any of JIRA, Confluence and Stash.

0 answers
