Hi Concern,
Jira 8 is showing Plugins and Jira version in about page even without authentication.
https://jira.x.com/secure/Dashboard.jspa which could lead to attack information gathering specially for all the plugins deployed
If you're worried about a page showing specific versions of software, you are worrying about the wrong thing. What difference does it make that an attacker knows you have (or not) a vulnerable version?
Imagine you have software with versions 82.1, 82.2 and 82.3. 82.2 has a security flaw. An attacker has a look at your system. If you announce the version, they know whether you are vulnerable or not. If you do not announce it, they try the attack anyway. For most attacks, trying an exploit is not much slower than reading the page to try to decide whether to bother.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.