Shared filters page display username of filter owners for public

XMLWordPrintable

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Description:

      Shared filters page shows usernames of filter owners, even for not logged users. This is not desirable since an attacker can utilize the usernames for in a brute force or dictionary attack.

      Steps to reproduce:

      1. As an unauthenticated user, run a search for any term.
      2. The results pages has a "Find Filters" link
      3. Clicking on the "Find Filters" link redirects to a page with an option for "Popular".
      4. Clicking "Popular" lists filters "Shared with all users" and the usernames of authors of those filters.

      Suggestion:

      Hide the owner of the filter when an unauthenticated user tries to search for it. Alternatively, you can consider hiding only the username of the owner and show only its complete name.

            Assignee:
            Unassigned
            Reporter:
            Arthur Gonçalves (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: