Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-74757

Clicking on checkboxes in Basic Search returns an error: The Jira server could not be contacted. This may be a temporary glitch or the server may be down.

XMLWordPrintable

    • 8.13
    • 32
    • Severity 1 - Critical
    • 543
    • Hide

      We've investigated the issue and discovered a network/firewall block at the endpoint, likely due to an old vulnerability that was previously patched -> https://jira.atlassian.com/browse/JRASERVER-71536 

      We suspect that network firewall providers are still flagging this endpoint within their threat profiles. We’re contacting major firewall providers to have this resolved permanently as there is nothing in Jira to mitigate this. If you’re affected by the issue, please check with your network infrastructure team to ensure the network solution isn't blocking requests to the endpoint.

      https://<base_url>/secure/QueryComponent!Default.jspa

      If it is, please request that the related rule be modified or disabled in the network/firewall solution. We apologize for any inconvenience this may have caused.

      Show
      We've investigated the issue and discovered a network/firewall block at the endpoint, likely due to an old vulnerability that was previously patched -> https://jira.atlassian.com/browse/JRASERVER-71536   We suspect that network firewall providers are still flagging this endpoint within their threat profiles. We’re contacting major firewall providers to have this resolved permanently as there is nothing in Jira to mitigate this. If you’re affected by the issue, please check with your network infrastructure team to ensure the network solution isn't blocking requests to the endpoint. https://<base_url>/secure/QueryComponent!Default.jspa If it is, please request that the related rule be modified or disabled in the network/firewall solution. We apologize for any inconvenience this may have caused.

      Issue Summary

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Use Linux OS.
      2. Jira Software DC version 8.20.10 or 9.4.2
      3. Set up the Jira server as the proxy but no SSL in the server.xml
      4. Upgrade Linux components. 
      5. Navigate to the Basic Search screen and attempt to select a Project from the drop-down list.

      Expected Results

      You are able to select the Project.

      Actual Results

      The below error is observed in the webpage:

      The Jira server could not be contacted. This might be a temporary glitch or the server could be down.

      In the Developer Tools, we see the following error:

      POST https://<base_url>/secure/QueryComponent!Default.jspa net::ERR_EMPTY_RESPONSE

      There is no status code, and the timing is Blocked.

      Workaround

      • Use the Advanced Search instead as this search is not broken.
      • Enabling the Proxy bypass allows the component to work correctly. 
      • Check with network/infrastructure team to confirm if a network security solution is blocking requests into QueryComponent!Default.jspa and modify/disable the related rule so they are no longer blocked.
         
         If using Palo Alto networks, please check if they have been updates with a threat profile for CVE-2020-14179 released on 2023-01-23.  If so, disable this policy.

        1. image-2023-02-03-18-42-28-632.png
          image-2023-02-03-18-42-28-632.png
          115 kB

            [JRASERVER-74757] Clicking on checkboxes in Basic Search returns an error: The Jira server could not be contacted. This may be a temporary glitch or the server may be down.

            Andrzej Kotas added a comment -

            We've investigated the issue and discovered a network/firewall block at the endpoint, likely due to an old vulnerability that was previously patched -> https://jira.atlassian.com/browse/JRASERVER-71536 

            We suspect that network firewall providers are still flagging this endpoint within their threat profiles. We’re contacting major firewall providers to have this resolved permanently as there is nothing in Jira to mitigate this. If you’re affected by the issue, please check with your network infrastructure team to ensure the network solution isn't blocking requests to the endpoint.

            https://<base_url>/secure/QueryComponent!Default.jspa

            If it is, please request that the related rule be modified or disabled in the network/firewall solution. We apologize for any inconvenience this may have caused.

            Andrzej Kotas added a comment - We've investigated the issue and discovered a network/firewall block at the endpoint, likely due to an old vulnerability that was previously patched -> https://jira.atlassian.com/browse/JRASERVER-71536   We suspect that network firewall providers are still flagging this endpoint within their threat profiles. We’re contacting major firewall providers to have this resolved permanently as there is nothing in Jira to mitigate this. If you’re affected by the issue, please check with your network infrastructure team to ensure the network solution isn't blocking requests to the endpoint. https://<base_url>/secure/QueryComponent!Default.jspa If it is, please request that the related rule be modified or disabled in the network/firewall solution. We apologize for any inconvenience this may have caused.

            Augusto Leite Pinte De Carvalho added a comment -

            That is also solved for us by the network team. 

            Palo Alto was blocking it. 

            Augusto Leite Pinte De Carvalho added a comment - That is also solved for us by the network team.  Palo Alto was blocking it. 

            Jeret Shuck added a comment - - edited

            We recently saw this start acting up as well, and is and being flagged by Global Protect as a vulnerability.

            Jeret Shuck added a comment - - edited We recently saw this start acting up as well, and is and being flagged by Global Protect as a vulnerability.

            Jacob Olson added a comment -

            We encountered this issue and found that a new Palo Alto threat profile for JRASERVER-71536 was released on 2023-01-23.

            On our appliances, it's blocking requests for 'QueryComponent!Default.jspa' between our proxy and the Jira nodes.

            Our network team put a temporary workaround of the new threat profile in place (while waiting for official guidance from Palo Alto) and basic search started working again.

            Jacob Olson added a comment - We encountered this issue and found that a new Palo Alto threat profile for JRASERVER-71536 was released on 2023-01-23. On our appliances, it's blocking requests for 'QueryComponent!Default.jspa' between our proxy and the Jira nodes. Our network team put a temporary workaround of the new threat profile in place (while waiting for official guidance from Palo Alto) and basic search started working again.

            Sarah A added a comment -
            1. OS: Linux
              The version of the OS itself doesn't seem relevant:
            Seen in
    <os-name>Linux</os-name>
    <os-architecture>amd64</os-architecture>
    <os-version>4.15.0-202-generic</os-version>
and also seen in
    <os-name>Linux</os-name>
    <os-architecture>amd64</os-architecture>
    <os-version>3.10.0-1160.81.1.el7.x86_64</os-version>

            Sarah A added a comment - OS: Linux The version of the OS itself doesn't seem relevant: Seen in     <os-name>Linux</os-name>     <os-architecture>amd64</os-architecture>     <os-version>4.15.0-202- generic </os-version> and also seen in    <os-name>Linux</os-name>     <os-architecture>amd64</os-architecture>     <os-version>3.10.0-1160.81.1.el7.x86_64</os-version>

              jcegiel@atlassian.com Jakub Cegiel
              samann Sarah A
              Affected customers:
              23 This affects my team
              Watchers:
              32 Start watching this issue

                Created:
                Updated:
                Resolved: