-
Bug
-
Resolution: Won't Fix
-
Low
-
None
-
6.4
-
6.04
-
Expected behavior
Block sensitive information from being displayed on anonymous REST API calls in JIRA.
Actual behavior
- Users' full-name are displayed when running the calls below:
/user/picker?query=<username> /groupuserpicker?query=ali&showAvatar
- Default fields and custom fields are displayed when running the call below:
/jql/autocompletedata
Workaround
There's no current method for working around this within JIRA itself. The only solution would be to setup IP filtering on affected calls.
- is related to
-
JRASERVER-34914 Issue Navigator Accessible by anonymous users.
- Closed
-
JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'
- Closed
-
JRASERVER-41493 Some screens are visible to anonymous users
- Closed
-
JRASERVER-40787 It should be possible to restrict access to the Issue Navigator by anonymous users
- Gathering Interest
- mentioned in
-
Page Loading...