Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
8.6.1, 7.13.18, 8.15.0
-
7.13
-
2
-
Severity 3 - Minor
-
1
-
Description
Issue Summary
Personal information shared in GET request : user name appearing in the GET request
http://localhost:8854/j854/secure/ChangePassword!default.jspa?username=USERNAME&inline=true&decorator=dialog&_=1595499363660
Steps to Reproduce
- Login with Jira
- Navigate to user profile
- Change password
The same user name is not appeared while performing Forget password from login screen
Expected Results
Username should not appear in the URL. Rather user name should be passed as a POST function rather than GET request.
Actual Results
Username appears in the URL and violets the GDPR compliance.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- relates to
-
JRASERVER-71899 Usernames are exposed in the URL while accessing user profiles
- Gathering Impact