Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71369

User name appears in Change password URL

    XMLWordPrintable

Details

    Description

      Issue Summary

      Personal information shared in GET request : user name appearing in the GET request
      http://localhost:8854/j854/secure/ChangePassword!default.jspa?username=USERNAME&inline=true&decorator=dialog&_=1595499363660

      Steps to Reproduce

      1. Login with Jira
      2. Navigate to user profile
      3. Change password
        The same user name is not appeared while performing Forget password from login screen

      Expected Results

      Username should not appear in the URL. Rather user name should be passed as a POST function rather than GET request.

      Actual Results

      Username appears in the URL and violets the GDPR compliance.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-71899 Usernames are exposed in the URL while accessing user profiles

          • Low - Low priority issues
          • Gathering Impact

          Activity

            People

              Unassigned Unassigned
              vtambolkar@atlassian.com Vedika Tambolkar
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: