Status: Closed (View Workflow)
Affects Version/s: 7.10.2, 8.5.0
Introduced in Version:7.1
Symptom Severity:Severity 2 - Major
Bug Fix Policy:
Users without session information should be pushed to the login page.
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Login.
- version < 8.9.1
If the fix is causing problems it can be disabled by adding to Jira a dark feature flag
The fix is available in LTS versions - 7.13.15+ and 8.5.6+ but will be disabled. The fix can be enabled by adding to Jira a dark feature flag
Both feature flags can be added by admin via site `<jira_directory>/secure/SiteDarkFeatures!default.jspa`