[XPORTER-3159] Xporter returns sensitive information on File Servers Rest Service. - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: Release 4.3.0
Fix Version/s: 6.3.4
Component/s: File Servers, Rest API, Security
Labels:
- security_vulnerability_high

Requirement Status:
OK
- 1

Description

Xporter returns crucial information on File Servers Rest Service.
Using the following RES API call, the user is able to get crucial information such as File Server password.

http://<JIRA_BASE_URL>/jira/jiraxporter/1.0/servers/?context=admin

Expected behavior:

The rest service should return only non-crucial information.
Password must be asked when the user wants to edit a file server in order to avoid passing the password

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Andre Fernandes Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Feb/20 3:53 PM

Updated:: 28/Apr/20 3:32 PM

Resolved:: 28/Apr/20 3:32 PM

Time Tracking

Estimated:

Remaining:

Logged: