Hi Team,

Can anyone let me know with this critical issue, attacker will be able to see all the issues in JIRA and will be able to send e-mails.

Will they get JIRA Admin access where they can make changes to workflows /any other change?

Please explain me how to do Workaround 1:?

<rule>
    <from>^/[^?]*\.\..*$</from>
    <to type="temporary-redirect">/</to>
</rule>

do we need to paste it as it it in WEB-INF file or we need to put the path of JIRA?

Please explain the same, it would be very helpful.