Uploaded image for project: 'Xray for Jira'
  1. Xray for Jira
  2. XRAY-6499

REST API endpoint response shows information related to storage location on the server, potentially causing security issues

    XporterXMLWordPrintable

Details

    • XRAY 2020 Sprint 10
    • OK

    Description

      When using the following endpoint "rest/raven/2.0/api/test/{testkey}/steps" you will receive a response including Attachment information.

      For every attachment you can see the information “filePath”, which shows the storage location of the server which should be an internal information and not be shown in the response of any Rest API Call.

       

      Attachments

        Activity

          People

            dpca Diamantino Campos
            drcs Douglas Souza [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 6 hours, 25 minutes
                6h 25m