Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-41493

Some screens are visible to anonymous users

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Won't Do
    • None
    • None
    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      It is the case with all OnDemand instances that some screens can be displayed without loggin in (if someone knows the the instance address). They don't expose much information, but still, the company logo (if added) is there, as well as the fact that JIRA Agile is active:

      • https://<instance>/secure/RapidStart.jspa
      • https://<instance>/secure/Dashboard.jspa

      Privacy-wise, it would be better if any anonymous user that shouldn't have access to the instance was automatically redirected to the login page upon attempting to open the above screens.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-42626 Sensitive information displayed in anonymous REST API calls

          • Low - Low priority issues
          • Closed

          Suggestion - JRACLOUD-41493 Some screens are visible to anonymous users

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              dwierzbicka Dobroslawa Wierzbicka (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: