-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
None
-
1
-
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Problem Definition
If we make a call to JIRA without any active logon for such as HTTP://localhost:8080/rest/menu/latest/admin/ we will be presented with below data:
[{"key":"admin","link":"http://localhost:8080/secure/project/ViewProjects.jspa","label":"Your Company JIRA administration","tooltip":"","local":true,"self":true,"applicationType":"jira"}]
Suggested Solution
There should be an empty response without active login or any error message saying that you need to be authenticated to access the system
Why this is important
Currently, the information shown when running the rest call might make the customer think that there is a security issue at their end which might cause unnecessary panic at their end.
Workaround
No workaround is available at the moment
- relates to
-
JRACLOUD-64963 REST Service Is Providing Information Without A Valid Login
- Closed