SEC-131
- Category: Customer Security: medium - high
- Type: Open Redirect
- Risk: Identity-theft, Phishing, Defacement
- Summary: A bug in django 1.11.14 allows an attacker to fool our customers by redirecting them to external, attacker-controlled websites
- For unknown reasons the fix did not get merged into release 2.9.0
- Is fixed in development by upgrading django and its dependencies to 1.11.16
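Added example for the open-redirect class above (written for this page; it is neither Django's own fix nor code from our release): a redirect-target check that accepts only allow-listed hosts and plain relative paths, rejecting protocol-relative, userinfo-tricked and non-http(s) targets. The host names in `ALLOWED_REDIRECT_HOSTS` are constructed.

```python
from urllib.parse import urlparse

# Hosts a post-login or post-checkout redirect may land on (constructed values).
ALLOWED_REDIRECT_HOSTS = {"shop.example.com", "www.example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """Return True only if `target` stays on one of our own hosts.

    Accepts absolute http(s) URLs whose host is allow-listed and plain
    relative paths such as "/account". Everything else, including
    protocol-relative "//evil.example" and "javascript:" URLs, is rejected.
    """
    if not target:
        return False
    target = target.strip()
    # Backslashes and control characters are normalised differently by
    # browsers and by urlparse; refuse them rather than guess.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    try:
        parsed = urlparse(target)
    except ValueError:  # e.g. malformed IPv6 bracket syntax
        return False
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False
    if parsed.netloc:
        # Absolute or protocol-relative URL: the host must be ours.
        # parsed.hostname strips userinfo, so "https://ours@evil.example" fails.
        return parsed.hostname in allowed_hosts
    # No authority component: only accept an ordinary absolute path.
    return target.startswith("/") and not target.startswith("//")


def redirect_target(requested, fallback="/"):
    """Pick the URL a view should redirect to: the requested one if safe, else the fallback."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    for candidate in ["/account", "https://shop.example.com/cart", "//evil.example/", "javascript:alert(1)"]:
        print(candidate, "->", redirect_target(candidate))
```

The check deliberately ignores ports and query strings; the decision is made on the host alone, and anything that is not clearly ours falls back to the site root.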
SEC-125
- Category: Customer Security: medium - high
- Type: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- Risk: Session Hijacking, Stolen Payments, Insecure NETS payment
- Summary: During NETS payment our customers lose their secured cookies when they get redirected
- Fix has been reverted for now, due to a bug and time constraints
- NETS payment should be treated as insecure
- unfixed/unplanned
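Added example for the cookie issue in SEC-125 (written for this page, not code from our release or from NETS): an audit over a redirect chain that reports sensitive cookies set without the `Secure` attribute and any hop that sends the customer from https:// to http://, where the browser withholds Secure cookies. The cookie-name set is an assumption (`sessionid` and `csrftoken` are Django's default names); the chain in `SAMPLE_CHAIN`, its hostnames and cookie values are constructed.

```python
from urllib.parse import urlparse

# Cookie names whose theft lets an attacker act as the customer.
# "sessionid" and "csrftoken" are Django's default names; the set is an assumption.
SENSITIVE_COOKIES = {"sessionid", "csrftoken"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, attributes).

    Attributes are keyed by lower-cased name; flag attributes such as
    Secure and HttpOnly map to True, valued ones (Path, Expires) to their value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if has_value else True
    return name.strip(), attrs


def audit_responses(responses, sensitive=SENSITIVE_COOKIES):
    """Walk a redirect chain and report the two conditions behind SEC-125.

    `responses` is a list of (request_url, headers) pairs, where headers maps
    "Set-Cookie" to a list of raw header values and "Location" to a string.
    Returns (url, finding, detail) tuples in the order they were seen.
    """
    findings = []
    for url, headers in responses:
        for raw in headers.get("Set-Cookie", []):
            name, attrs = parse_set_cookie(raw)
            if name in sensitive and "secure" not in attrs:
                findings.append((url, "sensitive-cookie-without-secure", name))
        location = headers.get("Location")
        if location and url.startswith("https://") and urlparse(location).scheme == "http":
            # A Secure cookie is never sent to an http:// URL, so the customer
            # arrives at the next hop without their session.
            findings.append((url, "https-to-http-redirect", location))
    return findings


# Constructed redirect chain imitating a checkout round-trip through a
# payment provider; hostnames and cookie values are made up for this example.
SAMPLE_CHAIN = [
    ("https://shop.example.com/checkout", {
        "Location": "https://pay.provider.example/start?order=42",
        "Set-Cookie": ["sessionid=abc123; Path=/; HttpOnly"],
    }),
    ("https://pay.provider.example/start", {
        "Location": "http://shop.example.com/return?order=42",
        "Set-Cookie": [],
    }),
    ("https://shop.example.com/return", {
        "Set-Cookie": [
            "sessionid=abc123; Path=/; Secure; HttpOnly",
            "csrftoken=tok456; Path=/",
        ],
    }),
]

if __name__ == "__main__":
    for finding in audit_responses(SAMPLE_CHAIN):
        print(*finding)
```

Run against captured headers from a test checkout, the audit gives a quick regression check that the reverted fix can be validated against before it is re-applied: the expected clean result is an empty list.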
...