How to block attachment based on file type

Rishabh Gupta
I'm New Here
August 17, 2021

During an assessment, it was observed that the application allows malicious files to be uploaded.

1. Malicious files can be uploaded with multiple extensions as file content is not validated.

2. An EICAR virus file can be uploaded.

Impact:

A remote attacker could send a malicious file via POST request with a specially crafted filename, file content or MIME type and execute arbitrary code to take complete control of the victim’s machine/server. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement.


1 answer

1 vote
Brant Schroeder
Community Champion
September 7, 2021

@Rishabh Gupta Welcome to the Atlassian Community.

In the past, I have always handled this on the server, using the server to prevent certain files and scanning files that are uploaded. I do not know of any way in the application to handle this, and there is nothing in their documentation about it: https://confluence.atlassian.com/adminjiraserver/configuring-file-attachments-938847851.html
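
The server-side handling described in the answer, covering the two findings in the question (multiple extensions with unvalidated content, and the EICAR test file), can be sketched as a check run before an attachment is stored. This is an added example, not Jira code or code from either poster; the allowlist, the function name `check_upload` and the reject reasons are assumptions, and the EICAR marker match only stands in for a call to a real antivirus scanner.

```python
import os

# Assumed allowlist: extension -> leading bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
# Marker text from the EICAR test file; a stand-in for a real antivirus scan.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def check_upload(filename, content):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    # Reject names that carry a directory component or an embedded NUL.
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return False, "path or NUL in filename"
    # Exactly one extension: "shell.php.png" and ".png" are both refused.
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "missing or multiple extensions"
    signatures = ALLOWED.get("." + parts[1])
    if signatures is None:
        return False, "extension not allowed"
    # The content itself must match the type the extension claims.
    if not content.startswith(signatures):
        return False, "content does not match extension"
    if EICAR_MARKER in content:
        return False, "antivirus test signature found"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the thread.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    for fname, data in [("logo.png", png), ("shell.php.png", png),
                        ("logo.png", b"<?php ?>"), ("eicar.com", EICAR_MARKER)]:
        print(fname, check_upload(fname, data))
```

The magic-byte comparison only confirms the file starts like the claimed type, so uploads that pass still need the scanner step the answer mentions.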

DEPLOYMENT TYPE
SERVER