Atlassian: Please confirmation you read this

Hi Atlassian,

I’ve created an issue but I do not know whether it was the right place.

https://ecosystem.atlassian.net/jira/software/c/projects/AMS/issues/AMS-10834

Please, might you confirm it has been read?

Thanks,
Pablo

Three hours and none read it?

Is there anyone piloting the plane?

https://www.atlassian.com/trust/security/report-a-vulnerability is probably a better place to start for this

Done. I emailed the security team. Thank you.

Hey @pablo,

Thanks for the report! I pinged the relevant team internally about this :slight_smile:

1 Like

Hi @pablo,

I confirm that we have reviewed your report and responded to your query on https://getsupport.atlassian.com/browse/SECREP-456.

We determined that this is a false positive as Jira standalone version (part of the Atlassian Plugin SDK) is for development use only.

Please let us know if you have any questions. Thank you.

Yes, my fault. I didn’t realize this feature is not available in production. Sorry for the alarm.

Thanks for having a look at this.

Since this has no impact on production it can be disclosed. Perhaps someone is interested in making it work. It would be very interesting seeing plugins from a different perspective.

From your Server/DC development environment, try:

http://localhost:2990/jira/plugins/servlet/system/console

  • username: admin
  • password: admin

The links of the console are broken but you can run it via Jetty, for instance.