Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.1.6, 6.2-OD-6
Affects Version/s: 5.1.1, 5.1.4
Component/s: REST API
Labels:

Introduced in Version:
5.01
CVSS Score:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access.

The former allows to enumerate all groups on a JIRA instance (by sending multiple queries as results are limited by jira.ajax.autocomplete.limit). We've verified this on an instance without any public projects / groups / whatsoever running version 5.1.1.

For an example see:
https://jira.atlassian.com/rest/api/2/groups/picker
https://jira.atlassian.com/rest/api/2/resolution

Attachments

Activity

People

Assignee:: Roman Tekhov (Inactive)

Reporter:: Patrick Otto

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 10/Sep/2012 12:19 PM

Updated:: 28/Mar/2019 12:07 AM

Resolved:: 14/Jan/2014 4:25 AM