Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-38095

Unauthenticated User can access certain pages on a private JIRA instance

    XMLWordPrintable

Details

    Description

      When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator.

      If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes.

      If you click "Find filters" you would be able to see the names of filters, wherein the visibility was set to "All users".

      This is really critical for all users, especially those information are confidential and shouldn't be visible to unauthenticated users.

      Attachments

        1. mark_1.jpg
          mark_1.jpg
          77 kB
        2. mark_1.jpg
          mark_1.jpg
          42 kB
        3. mark_2.jpg
          mark_2.jpg
          83 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-22207 Add warning to Shared Filter explaining consequence of 'everyone'

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              158c6ea5fc5c Mark Love
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: