Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.0.0
Affects Version/s: None
Component/s: Security
Labels:

Symptom Severity:
Severity 3 - Minor
UIS:
1

Some customers require a high level of security/privacy for their users. At this time, an anonymous or non-logged in user can visitviewAdministrators.action and review contact details.

While there is the current ability to hide the associated user information such as IM groups and email, this will still leave a list of user names.

An improvement for Bamboo will to be to allow the hiding of all information on this page, or, enable this page to be disabled completely or redirected.

Workaround

Edit <bamboo install dir>/atlassian-bamboo/WEB-INF/classes/struts.xml
Look for action name="viewAdministrators"

Comment out the whole block:

<!--     <action name="viewAdministrators" class="com.atlassian.bamboo.ww2.actions.admin.user.ViewAdministrators">
      <result name="success" type="freemarker">/admin/user/viewAdministrators.ftl</result>
    </action> -->

Restart Bamboo

Visiting viewAdministrators.action will result in a Page Not Found error.

is related to

BAM-16461 Configuration option to lock down "Contact Administrators" on the Bamboo pages footer.

Closed

BAM-20600 As an administrator I want to be able to disable the list of administrators

Closed

BDEV-13028 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

(2 mentioned in)

Assignee:: Adam Slaski (Inactive)
Reporter:: Neil Hickey (Inactive)
Votes:: 7 Vote for this issue
Watchers:: 16 Start watching this issue

Due:: 08/May/2017
Created:: 22/Oct/2014 4:54 AM
Updated:: 25/Jan/2024 3:28 AM
Resolved:: 11/Apr/2017 8:08 AM

Details

Description

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates