Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.9.2
-
None
Description
see: https://jira.atlassian.com/browse/JRA-31187
e.g. https://fisheye2.atlassian.com/s/1519/3/1.0/_/WEB-INF/
and https://fisheye2.atlassian.com/s/1519/3/1.0/_/WEB-INF/web.xml .
FishEye shouldn't write any user data to the WEB-INF directory.
The only files which are viewable there, should be the same as those you get when you download FishEye/Crucible zip from http://www.atlassian.com/software/fisheye/downloads/binary/fisheye-2.9.2.zip .
Attachments
Issue Links
- is related to
-
CRUC-8052 Arbitrary resource forwarding vulnerability in TotalityFilter
- Closed
-
FE-6896 Arbitrary resource forwarding vulnerability in TotalityFilter
- Closed
- relates to
-
JRASERVER-31187 Default application configuration files are available for download
- Closed