Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Low
Fix Version/s: None
Affects Version/s: 8.5.5, 8.10.0, 8.9.1, 8.20.1, 9.12.12, 10.1.1
Component/s: Security
Labels:

Introduced in Version:
8.05
Support reference count:
16
Symptom Severity:
Severity 3 - Minor
UIS:
3
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Browsing serverInfo anonymously gives version number information

Steps to Reproduce

curl https://<jira-server>/rest/api/2/serverInfo
navigate to https://<jira-server>/rest/api/2/serverInfo in a browser

Expected Results

Fail to connect

Actual Results

The below exception is thrown in the xxxxxxx.log file:

baseUrl	"https://ocean.agilecraft.xyz"
version	"8.5.5"
versionNumbers	
0	8
1	5
2	5
deploymentType	"Server"
buildNumber	805005
buildDate	"2020-06-05T00:00:00.000+0000"
databaseBuildNumber	805005
scmInfo	"a6982cff65627fb3fa50669b736095827f0ea0a7"
serverTitle	"JIRA"

Workaround

Possible API gateway/proxy setup or whitelist IPs that are trusted

relates to

JRASERVER-70987 About Jira page can be accessed anonymously

Closed

JRASERVER-62282 Ability to disable/hide the REST endpoint for serverInfo

Gathering Interest

Assignee:: Unassigned

Reporter:: James McCulley

Votes:: 2 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 16/Jul/2020 11:10 PM

Updated:: 19/Dec/2024 2:18 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates