Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-81340

Stop rendering data at /secure/QueryComponent!Default.jspa

    XMLWordPrintable

Details

    • 4
    • 7

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      It has been previously assessed that {yourinstance}.atlassian/net/secure/QueryComponent!Default.jspa is not leaking any private Jira data from a Jira Cloud instances:

      Regardless, it is unclear why this page still exists, after this was previously patched in Server/Data Center:

      As such, as this page can potentially trigger vulnerability scanners and visually appear like it may be exposing sensitive data, is there a need for this to exist in Cloud any longer?

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRACLOUD-75661 Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              d85a46aea530 Ryan Brailey
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: