[JRASERVER-38095] Unauthenticated User can access certain pages on a private JIRA instance - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Not a bug
Affects Version/s: 6.1.6
Fix Version/s: None
Component/s: None
Labels:

Introduced in Version:
6.01
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator.

If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes.

If you click "Find filters" you would be able to see the names of filters, wherein the visibility was set to "All users".

This is really critical for all users, especially those information are confidential and shouldn't be visible to unauthenticated users.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

mark_1.jpg
42 kB
30/Apr/2014 9:45 AM
mark_1.jpg
77 kB
30/Apr/2014 9:39 AM
mark_2.jpg
83 kB
30/Apr/2014 9:45 AM

Issue Links

relates to

JRASERVER-22207 Add warning to Shared Filter explaining consequence of 'everyone'

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Mark Love

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 30/Apr/2014 9:37 AM

Updated:: 28/Mar/2019 12:13 AM

Resolved:: 06/May/2014 3:40 AM