Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Fix
Priority: Low
Fix Version/s: None
Affects Version/s: 6.4
Component/s: User Management - Others
Labels:

Introduced in Version:
6.04

Expected behavior

Block sensitive information from being displayed on anonymous REST API calls in JIRA.

Actual behavior

Users' full-name are displayed when running the calls below:

/user/picker?query=<username>
/groupuserpicker?query=ali&showAvatar

Default fields and custom fields are displayed when running the call below:
```
/jql/autocompletedata
```

Workaround

There's no current method for working around this within JIRA itself. The only solution would be to setup IP filtering on affected calls.

is related to

JRASERVER-34914 Issue Navigator Accessible by anonymous users.

Closed

JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

Closed

JRASERVER-41493 Some screens are visible to anonymous users

Closed

JRASERVER-40787 It should be possible to restrict access to the Issue Navigator by anonymous users

Gathering Interest

mentioned in: Page Loading...

Assignee:: Oswaldo Hernandez (Inactive)
Reporter:: Joao Palharini (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: 25/Mar/2015 1:19 PM
Updated:: 28/Mar/2019 12:17 AM
Resolved:: 10/Apr/2015 6:11 AM