[JSWSERVER-16436] Missing Secure Attribute in Encrypted Session (SSL) Cookie

Type: Suggestion
Resolution: Timed out
Fix Version/s: None
Component/s: Board configuration
Labels:
None

UIS:
1
Support reference count:
2
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Our security department has scanned our Jira (v7.4.2#74004-sha1:586975d) using an IBM tool called Appscan. It reported a possible vulnerability. I have to prepare a response to indicate if this is a known problem and when or if it will be fixed. I require your assistance please. Text from the report follows:

Missing Secure Attribute in Encrypted Session (SSL) Cookie- It may be possible to steal user and session information (cookies) that was sent during an encrypted session.

Recommendation: Add the 'Secure' attribute to all sensitive cookies.

Form Name

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: steve moffat

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 15/Feb/2018 2:50 PM

Updated:: 19/Sep/2019 5:57 AM

Resolved:: 10/Dec/2018 10:42 PM

Details

Description

Attachments

Forms

Activity

People

Dates

Backbone Issue Sync