JIRA should have an option for banning "unsafe" attachments

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Won't Do
    • None
    • Component/s: None
    • None

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      JIRA allows users to upload potentially unsafe attachments (.exe, .html, etc).

      If an attacker uploads a malicious attachment, a victim may download it and then inadvertently click the "Run" or "Open" button, thereby running the malicious attachment.

      JIRA already has the capability to detect potentially "runnable" attachments via the "Internet Explorer MIME Sniffing Security Hole Workaround" feature. It would be good to allow admins to turn this on during file upload.

            Assignee:
            Unassigned
            Reporter:
            Luis Miranda (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: