-
Module:
BenAdmin
- Security
-
-
Item State:
Production Complete
- Closed
Internal IP addresses was revealed in error response to Employee Feedback file upload and sent mail.
This is additional vulnerability related to ST-107 suggestion.
- blocks
-
ST-107
Web Security: INTERNAL IP ADDRESS REVEALED
-
-
Closed
{"report":{"apdex":0.5,"isInitial":true,"journeyId":"c6a8e8b1-628c-44aa-9e83-79287a6d7c19","key":"jira.project.issue.view-issue","navigationType":0,"readyForUser":1043.2999999523163,"redirectCount":0,"resourceLoadedEnd":1102.3999999761581,"resourceLoadedStart":211.59999990463257,"resourceTiming":[{"duration":318.10000002384186,"initiatorType":"link","name":"https://jira.workterra.net/s/3003653444a1e1a85555cab7dcfb3a21-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/2e46d90b5cae895c9c38649c9d510130/_/download/contextbatch/css/_super/batch.css","startTime":211.59999990463257,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":211.59999990463257,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":529.6999999284744,"responseStart":0,"secureConnectionStart":0},{"duration":317.7999999523163,"initiatorType":"link","name":"https://jira.workterra.net/s/dd6a0911920485696ac20493290df627-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/3abe50d469404b639745df44b51476b6/_/download/contextbatch/css/jira.browse.project,jira.view.issue,project.issue.navigator,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&richediton=true","startTime":211.89999997615814,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":211.89999997615814,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":529.6999999284744,"responseStart":0,"secureConnectionStart":0},{"duration":317.7000000476837,"initiatorType":"link","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/8.5.0/_/download/batch/com.atlassian.auiplugin:split_aui.pattern.label/com.atlassian.auiplugin:split_aui.pattern.label.css","startTime":212.09999990463257,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":212.09999990463257,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":529.7999999523163,"responseStart":0,"secureConnectionStart":0},{"duration":317.8000000715256,"initiatorType":"link","name":"https://jira.workterra.net/s/bd548f27bbf8f278bd83b60dd3284ed8-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:global-static-adgs/jira.webresources:global-static-adgs.css","startTime":212.19999992847443,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":212.19999992847443,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":530,"responseStart":0,"secureConnectionStart":0},{"duration":317.7000000476837,"initiatorType":"link","name":"https://jira.workterra.net/s/70725731a158a7140f19ddbd4201ba27-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:global-static/jira.webresources:global-static.css","startTime":212.29999995231628,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":212.29999995231628,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":530,"responseStart":0,"secureConnectionStart":0},{"duration":449.5,"initiatorType":"script","name":"https://jira.workterra.net/s/f2623af22c15df767ec6ff268ae0b8bd-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/2e46d90b5cae895c9c38649c9d510130/_/download/contextbatch/js/_super/batch.js?locale=en-US","startTime":212.5,"connectEnd":212.5,"connectStart":212.5,"domainLookupEnd":212.5,"domainLookupStart":212.5,"fetchStart":212.5,"redirectEnd":0,"redirectStart":0,"requestStart":212.5,"responseEnd":662,"responseStart":662,"secureConnectionStart":212.5},{"duration":497.5,"initiatorType":"script","name":"https://jira.workterra.net/s/6ce676f2a5bcc9651cef6e7956f05def-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/3abe50d469404b639745df44b51476b6/_/download/contextbatch/js/jira.browse.project,jira.view.issue,project.issue.navigator,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en-US&richediton=true","startTime":212.5,"connectEnd":212.5,"connectStart":212.5,"domainLookupEnd":212.5,"domainLookupStart":212.5,"fetchStart":212.5,"redirectEnd":0,"redirectStart":0,"requestStart":212.5,"responseEnd":710,"responseStart":710,"secureConnectionStart":212.5},{"duration":500.40000009536743,"initiatorType":"script","name":"https://jira.workterra.net/s/ecf7ec549751ae117b778f0525d6d371-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/4.1.5/_/download/resources/com.atlassian.plugins.atlassian-chaperone:hotspot-tour/hotspot-tour.js?batch=false&locale=en-US","startTime":212.59999990463257,"connectEnd":212.59999990463257,"connectStart":212.59999990463257,"domainLookupEnd":212.59999990463257,"domainLookupStart":212.59999990463257,"fetchStart":212.59999990463257,"redirectEnd":0,"redirectStart":0,"requestStart":212.59999990463257,"responseEnd":713,"responseStart":713,"secureConnectionStart":212.59999990463257},{"duration":500.7000000476837,"initiatorType":"script","name":"https://jira.workterra.net/s/6aa3fcf1fac5fd551eee0b69077524e6-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/aae1242f5fc81cc6a5bb8bc963ccda29/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en-US","startTime":212.69999992847443,"connectEnd":212.69999992847443,"connectStart":212.69999992847443,"domainLookupEnd":212.69999992847443,"domainLookupStart":212.69999992847443,"fetchStart":212.69999992847443,"redirectEnd":0,"redirectStart":0,"requestStart":212.69999992847443,"responseEnd":713.3999999761581,"responseStart":713.3999999761581,"secureConnectionStart":212.69999992847443},{"duration":500.89999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":212.79999995231628,"connectEnd":212.79999995231628,"connectStart":212.79999995231628,"domainLookupEnd":212.79999995231628,"domainLookupStart":212.79999995231628,"fetchStart":212.79999995231628,"redirectEnd":0,"redirectStart":0,"requestStart":212.79999995231628,"responseEnd":713.6999999284744,"responseStart":713.6999999284744,"secureConnectionStart":212.79999995231628},{"duration":501,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":213,"connectEnd":213,"connectStart":213,"domainLookupEnd":213,"domainLookupStart":213,"fetchStart":213,"redirectEnd":0,"redirectStart":0,"requestStart":213,"responseEnd":714,"responseStart":714,"secureConnectionStart":213},{"duration":501.7000000476837,"initiatorType":"link","name":"https://jira.workterra.net/s/05c862146699bb029ceb0a489075e63b-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/bcd66e9a133a1b9f5fd14b56841e1c5b/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":213.09999990463257,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":213.09999990463257,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":714.7999999523163,"responseStart":0,"secureConnectionStart":0},{"duration":501.3000000715256,"initiatorType":"script","name":"https://jira.workterra.net/s/ecf7ec549751ae117b778f0525d6d371-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/8.5.0/_/download/batch/com.atlassian.auiplugin:split_aui.pattern.label/com.atlassian.auiplugin:split_aui.pattern.label.js?locale=en-US","startTime":213.09999990463257,"connectEnd":213.09999990463257,"connectStart":213.09999990463257,"domainLookupEnd":213.09999990463257,"domainLookupStart":213.09999990463257,"fetchStart":213.09999990463257,"redirectEnd":0,"redirectStart":0,"requestStart":213.09999990463257,"responseEnd":714.3999999761581,"responseStart":714.3999999761581,"secureConnectionStart":213.09999990463257},{"duration":501.5,"initiatorType":"script","name":"https://jira.workterra.net/rest/api/1.0/shortcuts/805012/344f6dde0e779bc821c159302c8a4389/shortcuts.js?context=issuenavigation&context=issueaction","startTime":213.29999995231628,"connectEnd":213.29999995231628,"connectStart":213.29999995231628,"domainLookupEnd":213.29999995231628,"domainLookupStart":213.29999995231628,"fetchStart":213.29999995231628,"redirectEnd":0,"redirectStart":0,"requestStart":213.29999995231628,"responseEnd":714.7999999523163,"responseStart":714.7999999523163,"secureConnectionStart":213.29999995231628},{"duration":501.7999999523163,"initiatorType":"link","name":"https://jira.workterra.net/s/9095228fa10daa2d3e3d7d5760c95e91-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/72477c22780abda5f51fe696920d843f/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-jira.view.issue,-project.issue.navigator/batch.css?jira.create.linked.issue=true&richediton=true","startTime":213.39999997615814,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":213.39999997615814,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":715.1999999284744,"responseStart":0,"secureConnectionStart":0},{"duration":501.7999999523163,"initiatorType":"script","name":"https://jira.workterra.net/s/c19a1b46e985d7fb85efaf27c8febfdd-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/72477c22780abda5f51fe696920d843f/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-jira.view.issue,-project.issue.navigator/batch.js?jira.create.linked.issue=true&locale=en-US&richediton=true","startTime":213.5,"connectEnd":213.5,"connectStart":213.5,"domainLookupEnd":213.5,"domainLookupStart":213.5,"fetchStart":213.5,"redirectEnd":0,"redirectStart":0,"requestStart":213.5,"responseEnd":715.2999999523163,"responseStart":715.2999999523163,"secureConnectionStart":213.5}],"threshold":1000,"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":81,"responseStart":206,"responseEnd":207,"domLoading":209,"domInteractive":1132,"domContentLoadedEventStart":1132,"domContentLoadedEventEnd":1177,"domComplete":1530,"loadEventStart":1530,"loadEventEnd":1533,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[],"measures":[],"correlationId":"3404d363eeb207","effectiveType":"4g","downlink":10,"rtt":0,"serverDuration":47,"dbReadsTimeInMs":3,"dbConnsTimeInMs":4,"applicationHash":"156decd7d2b4272533aa6cefc8294af635e1da97","experiments":[]}}
Bug
Zeeshan Chishty (Inactive)
added a comment - Hi Rakesh Roy We can close this ticket as we are not able to reproduce this issue.
When tested in Praetorian Identified vulnerable response page the issue is fixed and no internal IP is revealed. 
ST 169 is additional vulnerability related to
ST-107