Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-37581

Jira sends clear text emails with details even when an issue has a non-public issue security scheme

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      In our instance of Jira we are using the security level field as the basis of our security scheme and we are able to control who sees security issues at various levels.

      However, when a reporter creates a security issue, the summary and description of the issue are passed back to the reporter and potential watchers in a clear text email. Subsequent changes to the issue are also reported in emails. A diligent attacker could monitor such emails.

      It would be good if there was a simple way to control the content of emails sent when the security level is set.

      Our current workaround is to use an alternate notification system that allows greater control, but a simpler built-in solution would benefit all users.

              Unassigned Unassigned
              2f729941771e Michael de Raadt
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: