Allow X-seraph-loginreason to be Toggled On/Off in Jira and Bamboo


    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Medium
    • None
    • Affects Version/s: None
    • Environment:

      Jira Software 9.x
      Bamboo Data Center 9.x

      Problem Statement:

      We need to be able to turn off the x-seraph-loginreason response header in Jira and Bamboo due to security concerns.

      Description:

      While using Jira's or Bamboo's internal authentication methods and trying to log in, a response header contains the result of the login attempt:

      • AUTHENTICATION_DENIED
      • AUTHENTICATED_FAILED
      • OK

      This allows an attacker to adjust their methods to account for the result in an effort to access Jira or Bamboo.

      Idea:

      There should be an option, toggle, or switch, to disable the x-seraph-loginreason header to prevent this value from being returned.

      Work Around:

      No workaround is currently available at this time. We'll update this ticket once one is verified.
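
A check for the header described above, as an added example that is not part of the original ticket or Atlassian's code: it scans captured HTTP responses and reports which ones still expose a login-reason value, which is the test an administrator would run before and after any future toggle. The sample responses, their status lines and the function names are constructed for illustration; the comma-splitting assumes an intermediary may have combined repeated header fields into one line.

```python
from email.parser import BytesParser

HEADER = "X-Seraph-LoginReason"  # name from the ticket; matched case-insensitively

# Constructed sample responses (not captured from a real Jira or Bamboo server).
SAMPLES = {
    "failed-login": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                    b"x-seraph-loginreason: AUTHENTICATED_FAILED\r\n\r\n<html>",
    "denied": b"HTTP/1.1 200 OK\r\n"
              b"X-Seraph-LoginReason: AUTHENTICATION_DENIED\r\n\r\n",
    "header-absent": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


def login_reasons(raw_response: bytes) -> list[str]:
    """Return every login-reason value found in one raw HTTP response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    # Drop the status line; what remains is a block of header fields.
    _, _, fields = head.partition(b"\r\n")
    msg = BytesParser().parsebytes(fields + b"\r\n\r\n", headersonly=True)
    values = []
    # get_all() ignores case in the field name and returns repeated fields.
    for line in msg.get_all(HEADER, []):
        values.extend(v.strip() for v in str(line).split(",") if v.strip())
    return values


def audit(responses: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each labelled response to the values it exposes; clean ones are omitted."""
    findings = {}
    for label, raw in responses.items():
        found = login_reasons(raw)
        if found:
            findings[label] = found
    return findings


if __name__ == "__main__":
    for label, values in audit(SAMPLES).items():
        print(f"{label}: exposes {HEADER} = {', '.join(values)}")
```
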

              Assignee:
              Unassigned
              Reporter:
              Patrick Turbett
              Votes:
              2
              Watchers:
              5

                Created:
                Updated: