Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-64963

REST Service Is Providing Information Without A Valid Login

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Problem Definition

      If we make a call to JIRA without any active logon for such as HTTP://localhost:8080/rest/menu/latest/admin/ we will be presented with below data:

      [{"key":"admin","link":"http://localhost:8080/secure/project/ViewProjects.jspa","label":"Your Company JIRA administration","tooltip":"","local":true,"self":true,"applicationType":"jira"}]

      Suggested Solution

      There should be an empty response without active login or any error message saying that you need to be authenticated to access the system

      Why this is important

      Currently, the information shown when running the rest call might make the customer think that there is a security issue at their end which might cause unnecessary panic at their end.

      Workaround

      No workaround is available at the moment

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-64963 REST Service Is Providing Information Without A Valid Login

          • Closed

          Activity

            People

              Unassigned Unassigned
              smanimaran Shan Sharma Manimaran (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: