Hi All
We are on JIRA 4.1.2. We are planning an upgrade to version 5.1 by the end of June. We need your advice on one of the security vulnerabilities we have found on JIRA 4.1.2.
The details are mentioned below.
We would like to know
1. What version of JIRA upgrade will fix this vulnerability?
2. Is there a workaround available for this vulnerability until the end of June?
Vulnerability description:
The hosts xxx.xx.xx.xx and xxx.xx.xx.xx are both affected by Atlassian JIRA ConfigureReport.jspa 'reportKey' Info Disclosure (only)
The full description is: "The version of JIRA hosted on the remote web server is affected by an information disclosure vulnerability. By setting 'reportKey' parameter in 'ConfigureReport.jspa' to an invalid value, it is possible for an unauthenticated attacker to obtain sensitive information such as operating system version, database version, build version from the remote system. "
The log pasted above corresponds to a vulnerability related to 500page.jsp, wherein you can get a lot of information about the JIRA instance by directly hitting a URL. I patched the updated 500page.jsp from the knowledge base article on jra and it fixed the vulnerability.
Rahul
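A small checker for the finding described in the question (an unauthenticated request to ConfigureReport.jspa with a bogus reportKey returning a page that contains system details) and for confirming that a 500page.jsp patch of the kind Rahul mentions actually closed it. This is an added example, not code from the original thread or from Atlassian. The /secure/ConfigureReport.jspa path, the marker strings it looks for (Build Number, Java Version, Operating System, Database type/version) and the sample response bodies are assumptions made for illustration; adjust the markers to what your own instance's error page actually prints.

```python
"""Probe a JIRA instance for the ConfigureReport.jspa 'reportKey' information leak.

Added example, not the original page's code. The request path, the leak markers
and the sample bodies below are assumptions for illustration.
"""
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# Strings a JIRA error page may expose in a system-information section.
# ASSUMPTION: chosen for illustration; tune to your instance's 500page.jsp output.
LEAK_MARKERS = {
    "build": re.compile(r"Build\s*Number", re.I),
    "java": re.compile(r"Java\s*Version", re.I),
    "os": re.compile(r"Operating\s*System", re.I),
    "db": re.compile(r"Database\s*(?:type|version)", re.I),
}


def probe_url(base_url, report_key="no-such-report"):
    """Build the probe URL with an invalid reportKey, the condition the finding names.

    ASSUMPTION: the action lives at /secure/ConfigureReport.jspa under the JIRA base URL.
    """
    query = urllib.parse.urlencode({"reportKey": report_key})
    return base_url.rstrip("/") + "/secure/ConfigureReport.jspa?" + query


def find_leaks(body):
    """Return the names of the markers present in a response body, in marker order."""
    return [name for name, pat in LEAK_MARKERS.items() if pat.search(body)]


def assess(status, body):
    """Classify a response: leaking if any system-information marker is present."""
    fields = find_leaks(body)
    return {"leaking": bool(fields), "status": status, "fields": fields}


def fetch(url, timeout=10):
    """Unauthenticated GET. A 500 is the expected outcome, so keep its body too."""
    req = urllib.request.Request(url, headers={"User-Agent": "jira-reportkey-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample bodies (not real JIRA output) so the logic runs offline.
SAMPLE_LEAKY_BODY = """<html><body><h1>System Error</h1>
<table><tr><td>Build Number</td><td>XXX</td></tr>
<tr><td>Java Version</td><td>XXX</td></tr>
<tr><td>Operating System</td><td>XXX</td></tr>
<tr><td>Database type</td><td>XXX</td></tr></table></body></html>"""

SAMPLE_CLEAN_BODY = """<html><body><h1>System Error</h1>
<p>An error occurred. Please contact your JIRA administrator.</p></body></html>"""


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} https://jira.example.com", file=sys.stderr)
        sys.exit(2)
    url = probe_url(sys.argv[1])
    status, body = fetch(url)
    result = assess(status, body)
    print(f"{url} -> HTTP {status}, leaking={result['leaking']}, fields={result['fields']}")
    sys.exit(1 if result["leaking"] else 0)
```

Run it against the test server before and after applying the 500page.jsp change, and again after the upgrade: a non-zero exit means the error page still prints at least one of the markers to an unauthenticated client.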
You would need to check this page for security vulnerabilities that have already been reported (https://confluence.atlassian.com/display/JIRA051/Security+Advisories). You can also update your test server to 5.1 (or whichever version you prefer) and check if the vulnerability still exists.