Details
- Type: Improvement
- Resolution: Unresolved
- Priority: Medium
- Affects versions: Jira Software 9.x, Bamboo Data Center 9.x
Description
Problem Statement:
We need to be able to turn off the x-seraph-loginreason response header in Jira and Bamboo due to security concerns.
Description:
When a user attempts to log in through Jira's or Bamboo's internal authentication, the response carries a header whose value reveals the result of the login attempt:
- AUTHENTICATION_DENIED
- AUTHENTICATED_FAILED
- OK
This allows an attacker to adjust their methods according to the result in an effort to gain access to Jira or Bamboo.
Idea:
There should be an option, toggle, or switch to disable the x-seraph-loginreason header so that this value is no longer returned.
Workaround:
No workaround is currently available. We'll update this ticket once one is verified.
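As an added example, not taken from this ticket and not a workaround verified by Atlassian: where Jira or Bamboo is fronted by an nginx reverse proxy (an assumption, with a placeholder hostname and upstream), the proxy can be told not to relay the header to the client.

```nginx
# Added example (not from the ticket): drop X-Seraph-LoginReason at an nginx
# reverse proxy in front of Jira. Assumes nginx already terminates TLS and
# forwards to the application on 127.0.0.1:8080 (placeholder upstream).
server {
    listen 443 ssl;
    server_name jira.example.com;   # placeholder hostname

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Do not pass the login-result header through to the browser.
        # Header matching is case-insensitive, so the lowercase form the
        # ticket quotes (x-seraph-loginreason) is covered as well.
        proxy_hide_header X-Seraph-LoginReason;
    }
}
```

This only hides the value from clients; the application itself still sets the header, which is why the ticket asks for a toggle in the product rather than at the proxy.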
Issue Links
- is related to: BAM-22115 X-Seraph-LoginReason response header improvements (Closed)