Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
4
-
7
-
Description
It has been previously assessed that {yourinstance}.atlassian/net/secure/QueryComponent!Default.jspa is not leaking any private Jira data from a Jira Cloud instances:
Regardless, it is unclear why this page still exists, after this was previously patched in Server/Data Center:
As such, as this page can potentially trigger vulnerability scanners and visually appear like it may be exposing sensitive data, is there a need for this to exist in Cloud any longer?
Attachments
Issue Links
- is related to
-
JRACLOUD-75661 Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
- Closed