  1. Jira Server and Data Center
  2. JRASERVER-37581

Jira sends clear text emails with details even when an issue has a non-public issue security scheme

      Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      In our instance of Jira we are using the security level field as the basis of our security scheme and we are able to control who sees security issues at various levels.

      However, when a reporter creates a security issue, the summary and description of the issue are passed back to the reporter and potential watchers in a clear text email. Subsequent changes to the issue are also reported in emails. A diligent attacker could monitor such emails.

      It would be good if there was a simple way to control the content of emails sent when the security level is set.

      Our current workaround is to use an alternate notification system that allows greater control, but a simpler built-in solution would benefit all users.

              People

              Assignee: Unassigned
              Reporter: Michael de Raadt (michaeld1)
              Votes: 0
              Watchers: 5
