Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-80245

Anonymous users can reach Jira system filter endpoints

XMLWordPrintable

      Issue Summary

      Anonymous users are able to reach the /issues/?filter=-<id> for sites without authenticating to access the page.

      Steps to Reproduce

      1. In an incognito window, access the URL of a site's All issues filter (sitename.atlassian.net/issues/?filter=-4)
      2. Note that, while issues should not appear unless the Browse issue permission is set for public access, the page is still visible/reachable

      Expected Results

      A window containing an inaccessible message should be displayed, similar to browsing to /jira/filters for a given site:

      Actual Results

      The page loads and includes links for other system filters, but doesn't explicitly deny users from accessing the page:

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

        1. image-2022-12-15-14-05-15-253.png
          image-2022-12-15-14-05-15-253.png
          41 kB
        2. image-2022-12-15-14-06-07-668.png
          image-2022-12-15-14-06-07-668.png
          62 kB

              Unassigned Unassigned
              0c5899a89788 Donald Wright
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: