Jira Data Center / JRASERVER-42626

Sensitive information displayed in anonymous REST API calls


      Expected behavior

      Block sensitive information from being displayed on anonymous REST API calls in JIRA.

      Actual behavior

      • Users' full names are displayed when running the calls below:
        /user/picker?query=<username>
        /groupuserpicker?query=ali&showAvatar
        
      • Default fields and custom fields are displayed when running the call below:
        /jql/autocompletedata
        

      Workaround

      There's no current method for working around this within JIRA itself. The only solution would be to set up IP filtering on affected calls.
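
One way to apply the IP filtering workaround at a reverse proxy, shown as an added example that is not part of the original issue and is not Atlassian's configuration. It assumes nginx sits in front of Jira, that the listed calls are served under `/rest/api/<version>/`, and that Jira has no context path; the host name, certificate paths, backend address and the `192.0.2.0/24` range are placeholders.

```nginx
# Added example. Placeholders: jira.example.com, certificate paths,
# 127.0.0.1:8080 as the Jira backend, 192.0.2.0/24 as the trusted network.

upstream jira_backend {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name jira.example.com;
    ssl_certificate     /etc/nginx/tls/jira.crt;
    ssl_certificate_key /etc/nginx/tls/jira.key;

    # The three calls named in this issue, for any API version segment
    # (assumed prefix /rest/api/<version>/). The pattern has no end anchor,
    # so a trailing slash or any other suffix on these paths is matched too.
    # nginx matches locations on the decoded path without the query string,
    # so ?query=... does not affect the match.
    location ~ ^/rest/api/[^/]+/(user/picker|groupuserpicker|jql/autocompletedata) {
        # allow/deny evaluate the address of the directly connected peer.
        # If a load balancer sits in front of nginx, configure
        # set_real_ip_from and real_ip_header (ngx_http_realip_module)
        # so the real client address is what gets checked here.
        allow 192.0.2.0/24;
        deny  all;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://jira_backend;
    }

    # Everything else is proxied unchanged. With only this block present,
    # the calls above are reachable from any address.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://jira_backend;
    }
}
```

Requests to the filtered calls from outside the allowed range receive a 403 from nginx. The filter is by source address only, so it also applies to logged-in users connecting from other networks.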

              ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
              jpalharini Joao Palharini (Inactive)