Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information d

swati gupta September 26, 2019

Hi Team,

Can anyone let me know about this critical issue? With it, an attacker will be able to see all the issues in JIRA and will be able to send e-mails.

Will they get JIRA Admin access, where they can make changes to workflows or any other change?

Please explain to me how to do Workaround 1:

<rule>
    <from>^/[^?]*\.\..*$</from>
    <to type="temporary-redirect">/</to>
</rule>

Do we need to paste it as it is in the WEB-INF file, or do we need to put the path of JIRA?

Please explain the same; it would be very helpful.

0 answers
