/secure/admin/jira/AcknowledgeTask.jspa is an open redirect

2012-04-04T06:36:54
ID ATLASSIAN:JRASERVER-27786
Type atlassian
Reporter dblack
Modified 2017-02-20T00:43:35

Description

The AcknowledgeTask.jspa page found under http://$HOST/secure/admin/jira/AcknowledgeTask.jspa can be used to redirect users to an arbitrary external page, because the destinationURL parameter is not validated, and could possibly be leveraged into a non-persistent (reflected) XSS flaw.

Here is an example URL which will redirect a user to http://google.com:

http://$HOST/secure/admin/jira/AcknowledgeTask.jspa?taskId=2&destinationURL=http://google.com?%3B%3F&Acknowledge=Acknowledge
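The following is an added example, not code from the advisory or from Atlassian: a validator for redirect targets such as the destinationURL value above, assuming the Jira instance lives on the constructed hostname jira.example.com and should only ever redirect to its own host or to a root-relative path. It decodes once, rejects foreign schemes, foreign hosts and protocol-relative forms, and classifies the advisory's own request URL.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed assumption: the Jira instance's own hostname(s).
ALLOWED_HOSTS = {"jira.example.com"}


def is_safe_redirect(dest, allowed_hosts=ALLOWED_HOSTS):
    """True only if `dest` is a root-relative path or an http(s) URL on an allowed host."""
    if not dest:
        return False
    # Decode once so an encoded scheme or an encoded "//" cannot slip past the checks.
    dest = unquote(dest)
    # Control characters are interpreted inconsistently by browsers; refuse them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in dest):
        return False
    parts = urlsplit(dest)
    if parts.scheme:
        # Only http(s), and only with an explicit authority: browsers normalise
        # "http:/evil" to "http://evil", so a missing netloc is not safe either.
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            return False
    if parts.netloc:
        # .hostname strips userinfo and port, so "good@evil" resolves to "evil".
        host = parts.hostname
        return bool(host) and host.lower() in allowed_hosts
    # No scheme and no authority: require a root-relative path and reject the
    # "//host" and "/\host" forms that browsers treat as protocol-relative.
    if dest[0] != "/":
        return False
    if len(dest) > 1 and dest[1] in "/\\":
        return False
    return True


def audit_request_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Pull destinationURL out of a logged request URL and classify it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    dest = query.get("destinationURL", [""])[0]
    return dest, is_safe_redirect(dest, allowed_hosts)


# The advisory's example request, with $HOST replaced by the constructed hostname.
EXAMPLE = ("http://jira.example.com/secure/admin/jira/AcknowledgeTask.jspa"
           "?taskId=2&destinationURL=http://google.com?%3B%3F&Acknowledge=Acknowledge")

if __name__ == "__main__":
    print(audit_request_url(EXAMPLE))  # ('http://google.com?;?', False)
```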