Jira 8 is showing Plugins and Jira version in about page even without authentication.
https://jira.x.com/secure/Dashboard.jspa which could lead to attack information gathering specially for all the plugins deployed
If you're worried about a page showing specific versions of software, you are worrying about the wrong thing. What difference does it make that an attacker knows you have (or not) a vulnerable version?
Imagine you have software with versions 82.1, 82.2 and 82.3. 82.2 has a security flaw. An attacker has a look at your system. If you announce the version, they know whether you are vulnerable or not. If you do not announce it, they try the attack anyway. For most attacks, trying an exploit is not much slower than reading the page to try to decide whether to bother.
For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events