Hello,
The following Low vulnerability has been reported to me:
"Open windows with normal hrefs with the tag target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin. "
It is located on the dropdown menu of the help option up in the nav bar. Could anyone confirm for me whether it has a solution or has been checked?
The vulnerability report says that it can be fixed by adding rel="noopener noreferrer" to the links, to prevent a third party from using window.opener.location.assign to exploit this.
Hi Bernardo,
In case the finding matches the definition of a vulnerability, I would not wait and would report it to the security team as stated in:
https://www.atlassian.com/trust/security/report-a-vulnerability
Cheers,
Daniel
Hi Bernardo,
Can you tell me if there is an issue opened with this vulnerability, please?