Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-17034

Shared Filter properties exposed without authentication

    XMLWordPrintable

Details

    Description

      Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal.

      Example 1: Searching filters

      http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search

      Example 2: Viewing properties of filters. I can see custom fields, search terms, etc. if they are used within the filter.

      https://support.atlassian.com/secure/IssueNavigator.jspa?mode=hide&requestId=13244

      Attachments

        Issue Links

          duplicates

          Suggestion - JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-22207 Add warning to Shared Filter explaining consequence of 'everyone'

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              davidyu David Yu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: