User Authentication can be bypassed if you have an old JSESSIONID
1. Log IN as admin into JIRA
2. copy the JSESSIONID from the cookie (using firefox plugins)
3. Close the window where you are logged in.
4. Open again the Browser and type the next URL:
6. Now edit your cookie and fill it with the same value than in the previous URL.
7. Perform whatever action you want as a Admin User.
Maybe Changing the session timeout or other configuration could be enough to preserve the system integrity?
there is a security advisory related to this?
Could this be avoided?
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in talking to 20 people planning t...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs