  1. Jira Cloud
  2. JRACLOUD-43726

JIRA provides much information to anonymous users


    • Type: Suggestion
    • Resolution: Timed out
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      In addition, I already found this issue: https://jira.atlassian.com/browse/JRA-20505 but this was only for JIRA and regarding the footer.

      In general, the full stack of Atlassian products provides a lot of meta information to anonymous users. That does not only affect the footer, which can be adjusted manually for each product (see end-user agreement, 6.4 Attribution), but also the information within HTML headers.

      Providing this information even to anonymous users on any login mask could be abused to identify security flaws. So if we just remove the version from the footer, the page itself still contains any needed information, e.g.:

      <meta name="application-name" content="JIRA" data-name="jira" data-version="6.4.1">

      Also, all manual changes are not fully proof against upcoming updates and therefore increase the impact of maintenance. In short: editing templates is just quick and dirty and could not be the best practice.

      I suggest giving end users (in an administration role) the opportunity to hide all internal information from users who are not logged in. Such a system should only provide the login mask and, in addition to the EUA 6.4, the "powered by Atlassian" term.

      Benefit and Business value
      Each product becomes more secure and more resistant to potential attacks. In my opinion, this is helpful for all of your business customers who need their Atlassian stack or single product online.

            Assignee: Unassigned
            Reporter: Andreas Morgner (Scandio)
            Votes: 4
            Watchers: 2
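
The point made in the report, that removing the version from the footer still leaves it in the page's HTML head, can be checked by an administrator against the markup their own login page serves to anonymous users. The following is an added example, not part of the original report and not Atlassian code; the function names and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Dotted version numbers such as 6.4 or 6.4.1
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")

class VersionLeakFinder(HTMLParser):
    """Collects places where anonymous-visible HTML reveals a product version."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (location, version string) tuples
        self._in_footer = 0  # nesting depth inside <footer>

    def handle_starttag(self, tag, attrs):
        if tag == "footer":
            self._in_footer += 1
        for name, value in attrs:
            # Catches attributes like data-version on <meta name="application-name">
            if "version" in name and value and VERSION_RE.search(value):
                self.findings.append((f"<{tag}> attribute {name}", value))

    def handle_endtag(self, tag):
        if tag == "footer" and self._in_footer:
            self._in_footer -= 1

    def handle_data(self, data):
        # Version-like text that is still visible inside the footer
        match = VERSION_RE.search(data) if self._in_footer else None
        if match:
            self.findings.append(("footer text", match.group(0)))

def find_version_leaks(html):
    """Return every version disclosure found in one page of HTML."""
    finder = VersionLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: footer edited by hand, meta tag from the report untouched.
FOOTER_ONLY_FIX = """<html><head>
<meta name="application-name" content="JIRA" data-name="jira" data-version="6.4.1">
</head><body><form id="login"></form>
<footer>Powered by Atlassian</footer></body></html>"""

# Constructed sample: the state the suggestion asks for.
HARDENED = """<html><head><meta name="application-name" content="JIRA"></head>
<body><form id="login"></form><footer>Powered by Atlassian</footer></body></html>"""

if __name__ == "__main__":
    for label, page in (("footer-only fix", FOOTER_ONLY_FIX), ("hardened", HARDENED)):
        print(label, find_version_leaks(page))
```

Running the same check after each product upgrade shows whether a manual template edit was overwritten, which is the maintenance concern the report raises.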
