Direct access to issue via url discloses structure without authentication

XMLWordPrintable

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Low
    • None
    • Affects Version/s: 5.0
    • Component/s: None
    • 5

      If an issue is accessed via the direct url an error message discloses if the issue is existent or not - even when the use isn't logged-in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication.

              Assignee:
              Unassigned
              Reporter:
              StefanN
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: