The following security advisory was received informing us of a bypass that can allow attackers the ability to view all issues through any project within a Jira instance:
One of the workarounds provided (Workaround 2) references a LocationMatch configuration that is very similar to a configuration to a .conf file through a prior security advisory (https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html?utm_source=alert-email&utm_medium=email&utm_campaign=Jira%20Service%20Desk%20Server%20and%20Data%20Center-advisory_september-2019_EML-5414&jobid=104302939&subid=1333322718).
Will the application of the LocationMatch configuration as stated below cover Jira projects as well as Service Desk projects:
<LocationMatch "/(.*\.\.)">
    Order Allow,Deny
    Deny from all
</LocationMatch>
The workaround provided for the recent security advisory is as follows:
<LocationMatch "/servicedesk/.*\.jsp.*">
    Order Allow,Deny
    Deny from all
</LocationMatch>
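As an added example (not part of the original post or of either Atlassian advisory), the Python sketch below checks which request paths each of the two quoted LocationMatch patterns would match, which shows how each rule is scoped. It assumes LocationMatch behaves as an unanchored regex search over the path as given; the sample paths, rule names and function names are constructed for illustration.

```python
import re

# The two LocationMatch patterns quoted in the post above.
RULES = {
    "dotdot": r"/(.*\.\.)",
    "servicedesk_jsp": r"/servicedesk/.*\.jsp.*",
}

# Constructed request paths (illustrative only, not taken from either advisory).
SAMPLE_PATHS = [
    "/browse/DEMO-1",
    "/secure/Dashboard.jspa",
    "/servicedesk/customer/portal/1",
    "/servicedesk/example.jsp",
    "/secure/example.jsp",
    "/plugins/a/../b",
    "/servicedesk/a/../b",
]


def denied_by(path, rules=RULES):
    """Return the sorted names of the rules whose regex matches `path`.

    Assumption: LocationMatch is modelled as an unanchored regex search
    (re.search) over the path exactly as given. Apache's own URL
    normalisation and percent-decoding are not modelled here.
    """
    return sorted(name for name, rx in rules.items() if re.search(rx, path))


def coverage(paths=SAMPLE_PATHS, rules=RULES):
    """Map every sample path to the list of rules that would deny it."""
    return {p: denied_by(p, rules) for p in paths}


def prefix_scoped(rule_regex, prefix, paths=SAMPLE_PATHS):
    """True if the rule matches at least one sample path and every path
    it matches starts with `prefix` (i.e. the rule is tied to that prefix)."""
    hits = [p for p in paths if re.search(rule_regex, p)]
    return bool(hits) and all(p.startswith(prefix) for p in hits)


if __name__ == "__main__":
    for path, rules in coverage().items():
        print(f"{path:35} -> {', '.join(rules) or 'allowed'}")
    for name, rx in RULES.items():
        print(name, "scoped to /servicedesk/:", prefix_scoped(rx, "/servicedesk/"))
```

Before relying on either rule, confirm the result against the real server with a test request, since Apache's path handling is only approximated here.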