Noticed that the ShellServlet doesn't include any sort of CSRF token to prevent an attack, but just uses the state of the session to determine authentication.
I believe this means that the servlet is potentially vulnerable to a csrf attack. CORS protects against the majority of this, I haven't been able to come up with a plausible vector for an actual attack yet, but it would be good to clean up.
|Field||Original Value||New Value|
|Fix Version/s||1.6.1 [ 12325441 ]|
|Fix Version/s||1.7.0 [ 12324607 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|
|Transition||Time In Source Status||Execution Times||Last Executer||Last Execution Date|
|16d 5h 2m||1||Josh Elser||24/May/14 00:32|