2 matches found
Okta Jira Authenticator < 3.1.5 Cross-Site Scripting
Okta Jira Authenticator toolkit versions below 3.1.5 suffer from a reflected Cross-Site Scripting XSS vulnerability. By injecting a specific payload in the osusername GET parameter, a remote unauthenticated attacker can execute arbitrary JavaScript code in the browser context of the target...
Enhance Seraph SSO support to create users automatically
Users of SSO systems generally also have some sort of external user management. As a simple first step, JIRA's SSO authenticator could create an OSUser account in JIRA if the SSO authentication succeeds...