atlassian-seraph / SER-227

Allow X-seraph-loginreason to be Toggled On/Off in Jira and Bamboo


    • Improvement
    • Resolution: Unresolved
    • Medium
    • Jira Software 9.x
      Bamboo Data Center 9.x

      Problem Statement:

      We need to be able to turn off the x-seraph-loginreason response header in Jira and Bamboo due to security concerns.

      Description:

      When logging in with Jira's or Bamboo's internal authentication methods, a response header contains the result of the login attempt:

      • AUTHENTICATION_DENIED
      • AUTHENTICATED_FAILED
      • OK

      This allows an attacker to adjust their methods to account for the result in an effort to access Jira or Bamboo.

      Idea:

      There should be an option, toggle, or switch, to disable the x-seraph-loginreason header to prevent this value from being returned.

      Workaround:

      No workaround is currently available. We'll update this ticket once one is verified.

            Unassigned
            Patrick Turbett
            Votes: 2
            Watchers: 5

              Created:
              Updated:
              1 year, 23 weeks, 5 days ago
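
An added example, not part of the ticket and not Atlassian code: a small audit over captured raw HTTP responses that reports which ones expose the x-seraph-loginreason header described above, and with which value. The sample captures, their status codes and the function names are constructed for illustration.

```python
"""Audit captured HTTP responses for the X-Seraph-LoginReason header."""
from email.parser import Parser

HEADER = "X-Seraph-LoginReason"

# Constructed sample captures (e.g. saved `curl -i` output); not real traffic.
SAMPLES = {
    "failed_login": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Content-Type: text/html\r\n"
        "x-seraph-loginreason: AUTHENTICATED_FAILED\r\n"
        "\r\n<html>login failed</html>"
    ),
    "good_login": (
        "HTTP/1.1 200 OK\r\n"
        "X-Seraph-LoginReason: OK\r\n"
        "Set-Cookie: JSESSIONID=constructed\r\n"
        "\r\n"
    ),
    "header_absent": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Content-Type: text/html\r\n"
        "\r\n<html>X-Seraph-LoginReason: OK</html>"  # body text must not match
    ),
}


def login_reasons(raw_response: str) -> list[str]:
    """Return every X-Seraph-LoginReason value in one raw HTTP response."""
    # Keep only the header section so body text is never mistaken for a header.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    values = []
    for field in headers.get_all(HEADER, []):  # name match is case-insensitive
        # An intermediary may fold repeated fields into one comma-separated line.
        values += [v.strip() for v in field.split(",") if v.strip()]
    return values


def audit(captures: dict[str, str]) -> dict[str, list[str]]:
    """Map capture label -> leaked values; responses without the header are omitted."""
    return {label: found for label, raw in captures.items()
            if (found := login_reasons(raw))}


if __name__ == "__main__":
    for label, found in audit(SAMPLES).items():
        print(f"{label}: exposes {HEADER} = {found}")
```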