Hi Team,
Can anyone let me know with this critical issue, attacker will be able to see all the issues in JIRA and will be able to send e-mails.
Will they get JIRA Admin access where they can make changes to workflows /any other change?
Please explain me how to do Workaround 1:?
<rule>
<from>^/[^?]*\.\..*$</from>
<to type="temporary-redirect">/</to>
</rule>
do we need to paste it as it it in WEB-INF file or we need to put the path of JIRA?
Please explain the same, it would be very helpful.