Skip to main content
Skip table of contents

Why use Attachment Checker

A common use case for Attachment Checker is file type checking.
It address CWE-434 (Unrestricted Upload of File with Dangerous Type) since it is possible for attacker to upload/transfer files of dangerous types that can be automatically processed within the product’s environment.

While Jira’s in-built feature allows you to restrict unwanted file extensions for better security, there are some issues not addressed:

  • Users can easily bypass the check by renaming file extensions

  • Attachments uploaded through 3rd party apps are not checked

MIME type check

Attachment Checker helps to prevent extension bypass with 2 layers of checking:

  1. Extension check – based on the filename of the attachment

  2. MIME type check – based on the content of the attachment

acj 2 layers of filter.png

Check out Restrict attachments by file type to find out more!

Support for 3rd party apps

Currently, Attachment Checker supports attachments uploaded through the following apps:

  1. Assets

  2. Xray Test Management for Jira

  3. Zephyr Scale - Test Managerment for Jira

Let us know if you would like us to support other apps not in the list!

Utility Tool for Attachments

It is a suite packed with Features to manage attachments in Jira.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close