-
Type:
Bug
-
Resolution: Won't Fix
-
Priority:
Low
-
None
-
Affects Version/s: 6.4
-
Component/s: User Management - Others
-
6.04
Expected behavior
Block sensitive information from being displayed on anonymous REST API calls in JIRA.
Actual behavior
- Users' full-name are displayed when running the calls below:
/user/picker?query=<username> /groupuserpicker?query=ali&showAvatar
- Default fields and custom fields are displayed when running the call below:
/jql/autocompletedata
Workaround
There's no current method for working around this within JIRA itself. The only solution would be to setup IP filtering on affected calls.
- is related to
-
-
- Closed
-
-
JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'
- Closed
-
- Closed
-
- Gathering Interest
- mentioned in
-
Page Loading...