Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Medium
Fix Version/s: None
Affects Version/s: 3.13.3
Component/s: Navigation - Filters
Labels:
- affects-server
- security

Introduced in Version:
3.13
Bug Fix Policy:
View Atlassian Server bug fix policy

Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal.

Example 1: Searching filters

http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search

Example 2: Viewing properties of filters. I can see custom fields, search terms, etc. if they are used within the filter.

https://support.atlassian.com/secure/IssueNavigator.jspa?mode=hide&requestId=13244

duplicates

JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

Closed

is related to

JRASERVER-22207 Add warning to Shared Filter explaining consequence of 'everyone'

Closed

Assignee:: Unassigned

Reporter:: David Yu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 24/Apr/2009 5:21 PM

Updated:: 27/Mar/2019 11:54 PM

Resolved:: 05/Jan/2011 3:24 AM