Description
If you go to http://jira.atlassian.com/500page.jsp, you'll see detailed config info for services and listeners, eg:
- Sales Issue POP Service (com.atlassian.jira.service.services.pop.PopService)
- Delay: 10 minutes
- handler: Create Or Comment Handler
- popserver: sales-issues @ atlassian.com
- handler.params: project=SALES, issuetype=3
- usessl: No SSL
- forwardEmail: jeff@atlassian.com
As great as this is for support, it does reveal potentially sensitive details like project keys to anonymous users. Also, if people develop custom services or listeners that are configured with passwords, those should show up here too.
I think we should only display services/listeners data to people who are logged in as administrators.
Attachments
Issue Links
- is caused by
-
JRASERVER-9119 Add custom plugins/listeners/services installed on a system in the system info page and support email
- Closed