[原文]secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.
Atlassian JIRA Enterprise Edition contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker passes the string 'secure/ConfigureReleaseNote.jspa' in the URL, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.