  1. Jira Data Center
  2. JRASERVER-42626

Sensitive information displayed in anonymous REST API calls


      Expected behavior

      Block sensitive information from being displayed on anonymous REST API calls in JIRA.

      Actual behavior

      • Users' full names are displayed when running the calls below:
        /user/picker?query=<username>
        /groupuserpicker?query=ali&showAvatar
        
      • Default fields and custom fields are displayed when running the call below:
        /jql/autocompletedata
        

      Workaround

      There is currently no way to work around this within JIRA itself. The only solution would be to set up IP filtering on the affected calls.
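
The filtering decision described in the workaround, as an added example that is not part of the original issue or Atlassian's code: it matches the three affected calls and checks the client address against an allowlist, then replays constructed log lines to show which requests would be blocked. The `/rest/api/<version>/` prefix, the optional context path, the allowed networks and the log format are all assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoints listed in the issue; the /rest/api/<version>/ prefix and optional
# context path are assumptions, since the page shows only the trailing part.
AFFECTED = re.compile(
    r"/rest/api/[^/]+/(user/picker|groupuserpicker|jql/autocompletedata)/?$",
    re.IGNORECASE,
)
# Constructed allowlist: networks that may still reach the affected calls.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def is_affected(target: str) -> bool:
    """True if the request target resolves to one of the affected endpoints."""
    path = unquote(urlsplit(target).path)  # drop the query, decode %xx
    path = re.sub(r"/{2,}", "/", path)     # collapse duplicate slashes
    return AFFECTED.search(path) is not None


def should_block(target: str, client_ip: str) -> bool:
    """Block affected calls unless the client is inside an allowed network."""
    if not is_affected(target):
        return False
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return True  # unparseable source address: fail closed
    return not any(addr in net for net in ALLOWED_NETS)


# Constructed sample log lines in the form "<client ip> <request target>".
SAMPLE_LOG = """\
10.1.2.3 /rest/api/2/user/picker?query=alice
203.0.113.7 /rest/api/2/user/picker?query=alice
203.0.113.7 /jira/rest/api/latest/groupuserpicker?query=ali&showAvatar
198.51.100.9 /rest/api/2//jql/autocompletedata
198.51.100.9 /rest/api/2/issue/ABC-1
"""


def audit(log: str) -> list:
    """Return the log lines that the filter would have blocked."""
    return [
        line for line in log.splitlines()
        if should_block(line.partition(" ")[2], line.partition(" ")[0])
    ]
```

The path is normalised before matching so that a duplicated slash or a different API version segment does not slip past the rule; the same care applies to whatever proxy or firewall rule actually enforces the filter.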

            ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
            jpalharini Joao Palharini (Inactive)