vulnerabilities in 8.5.5

Vivek Bohra March 9, 2022

We have detected a few vulnerabilities for the existing JIRA version 8.5.5. Most of them can be mitigated by upgrading the version; however, please confirm if the vulnerabilities commented below can be mitigated by upgrading the version.

 

  1. <The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.>

  2. <The remote web server contains at least one HTML form field that has an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or if their machine is compromised at some point.>

2 answers

0 votes
Sachin Dhamale
Community Leader
March 10, 2022
0 votes
Craig Castle-Mead March 10, 2022

Hi,

The first should not be relevant if you've enforced HTTPS.

For the second, autocomplete is not set to false on the password field by default in 8.20.6 - but you'll find that most sites have autocomplete enabled.

CCM
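
One way to re-check both scanner findings against a login page after enforcing HTTPS, as an added example that is not part of the original thread or of Jira's own code. The host name, path, field names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordFieldAudit(HTMLParser):
    """Flags password inputs sent in cleartext or without autocomplete="off"."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = {}        # attributes of the enclosing <form>, if any
        self.findings = []    # (field name, finding) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form = a
        elif tag == "input" and a.get("type", "").lower() == "password":
            self._check(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = {}

    def _check(self, field):
        name = field.get("name", "?")
        # The form submits to its action resolved against the page URL;
        # an empty or missing action means the page's own URL.
        target = urljoin(self.page_url, self.form.get("action", ""))
        # Both the page itself and the submit target must be HTTPS.
        schemes = {urlparse(self.page_url).scheme, urlparse(target).scheme}
        if schemes != {"https"}:
            self.findings.append((name, "cleartext"))
        # A field-level autocomplete attribute overrides the form-level one.
        ac = field.get("autocomplete") or self.form.get("autocomplete", "")
        if ac.lower() != "off":
            self.findings.append((name, "autocomplete"))

def audit(page_url, html):
    parser = PasswordFieldAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not Jira's actual login page.
SAMPLE = """<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>"""

if __name__ == "__main__":
    for url in ("http://jira.example.test/login", "https://jira.example.test/login"):
        print(url, audit(url, SAMPLE))
```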
