The "user" Dark Features page is vulnerable to XSRF/csrf

The "User Dark Features" page located at $host/secure/ViewProfile.jspa?selectedTab=jira.user.profile.panels:up-darkfeatures-panel allows users to add dark features which only affect themselves. However, it is not protected against XSRF attacks. Note: the 'value' of dark features is not properly...

The "user" Dark Features page is vulnerable to XSRF/csrf

The "User Dark Features" page located at $host/secure/ViewProfile.jspa?selectedTab=jira.user.profile.panels:up-darkfeatures-panel allows users to add dark features which only affect themselves. However, it is not protected against XSRF attacks. Note: the 'value' of dark features is not properly...