  1. Jira Cloud
  2. JRACLOUD-67167

JIRA includes the Username in links on the edit profile page

Details

    Description

      This can pose a security issue. For example, information about the username can be used to perform dictionary attacks on the login page. Suggest just using the username stored in the session while editing your own profile, or a POST for editing other users.

      Steps to Reproduce:
      1. Go to View Issue page.
      2. Click on the user in the user detail pop-up. Notice the username in the URL.

            People

              Unassigned
              tyler.x.miller.-nd