Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-17034

Shared Filter properties exposed without authentication

XMLWordPrintable

      Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal.

      Example 1: Searching filters

      http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search

      Example 2: Viewing properties of filters. I can see custom fields, search terms, etc. if they are used within the filter.

      https://support.atlassian.com/secure/IssueNavigator.jspa?mode=hide&requestId=13244

            Unassigned Unassigned
            davidyu David Yu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: