| Key: |
QB-3380
|
| Type: |
Bug
|
| Status: |
Resolved
|
| Resolution: |
Fixed
|
| Priority: |
Blocker
|
| Assignee: |
Unassigned
|
| Reporter: |
AlSt
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 24/Apr/19 07:43 AM
Updated: 04/May/19 12:15 AM
|
|
| Component/s: |
None
|
| Affects Version/s: |
8.0.28
|
| Fix Version/s: |
9.0.9
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
|
We just got a link for a build in QB for investigating a build failure. The guy who sent us the link also copied the JSESSIONID with it. When we clicked on it we suddenly were logged in as this user.
High security risk!
|
|
Description
|
We just got a link for a build in QB for investigating a build failure. The guy who sent us the link also copied the JSESSIONID with it. When we clicked on it we suddenly were logged in as this user.
High security risk! |
Show » |
| There are no comments yet on this issue.
|
|
QB links which contain the session id let you hijack the session if it still active.