This test verifies if the remote manifest is valid. For example, if you are creating an application link from JIRA to Confluence, it will check whether the manifest on Confluence is valid. This is done by accessing that instance on the URL paths tested below, and then verifying that manifest retrieved is not malformed and is what it is supposed to be.
This manifest is used to generate application links between different apps. If this is not valid, those application links will fail.
<URL>/rest/applinks/1.0/manifest & Application URL.
| Error(s) | Steps to Resolve |
|---|---|
|
|
|
|
|
|
|
|
It is a potential risk to use impersonating authentication schemes such as Trusted Apps or Two Legged Impersonation OAuth for incoming requests from an instance that allows public sign up.
Impersonating authentication schemes pass the current username from the originating instance to the remote instance across the application link. The username is then used to automatically log in to the local instance user account that shares the same username. The request actions are then completed using the permissions associated with this local user account.
The risk arises if, for example, username 'wendy' on the local instance represents an administrator. If the username 'wendy' is not already used on the remote instance and if the remote instance allows public sign up, anyone can create a new account on that instance with username 'wendy'. Although they may be restricted to creating an account with limited permissions on the remote instance, when they make requests to the local instance across the application link they will gain administrator rights on the local instance, due to the shared username. This is referred to as privilege escalation.
{dynamiccontentbylabel:showLabels=false|showSpace=false} |