
[QB-3380] QB links which contain the session id let you hijack the session if it is still active.
Created: 24/Apr/19  Updated: 04/May/19

Status: Resolved
Project: QuickBuild
Component/s: None
Affects Version/s: 8.0.28
Fix Version/s: 9.0.9

Type: Bug
Priority: Blocker
Reporter: AlSt
Assigned To: Unassigned
Resolution: Fixed
Votes: 0
Remaining Estimate: Unknown
Time Spent: Unknown
Original Estimate: Unknown


Description
We just got a link for a build in QB for investigating a build failure. The guy who sent us the link also copied the JSESSIONID with it. When we clicked on it we suddenly were logged in as this user.

High security risk!
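
An added example, not part of the original report or QuickBuild's code: a small Python filter that strips a JSESSIONID from links before they are pasted into tickets or chat, covering both the servlet `;jsessionid=` path-parameter form and a `JSESSIONID` query parameter. The host name, paths and session value are constructed, and the report does not say which form the QB link used.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Servlet URL rewriting appends the ID as a path parameter: /path;jsessionid=ABC
_PATH_PARAM = re.compile(r";jsessionid=[^;/?#]*", re.IGNORECASE)
_URL = re.compile(r"https?://[^\s<>\"']+")


def strip_session_id(url):
    """Return (clean_url, found) with any JSESSIONID removed from path or query."""
    parts = urlsplit(url)
    path, n_path = _PATH_PARAM.subn("", parts.path)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() != "jsessionid"]
    found = n_path > 0 or len(kept) != len(pairs)
    if not found:
        return url, False  # untouched URLs are returned byte-for-byte
    # Remaining query parameters are re-encoded; their values are preserved.
    query = urlencode(kept)
    return urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment)), True


def redact_text(text):
    """Strip session IDs from every http(s) link in free text; return (text, hits)."""
    hits = 0

    def _sub(match):
        nonlocal hits
        clean, found = strip_session_id(match.group(0))
        hits += found
        return clean

    return _URL.sub(_sub, text), hits


# Constructed sample message (hypothetical host, path and session value).
SAMPLE = (
    "Build failed, see "
    "http://qb.example.test/build/1234;jsessionid=0123456789ABCDEF?tab=log "
    "and compare with http://qb.example.test/build/1233"
)

if __name__ == "__main__":
    print(redact_text(SAMPLE))
```

Stripping the ID from a link only stops further spread; a session whose ID has already been shared stays usable until it is invalidated on the server.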
Generated at Thu Apr 25 15:23:06 UTC 2024 using JIRA 189.