Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Low
Fix Version/s: None
Affects Version/s: 8.6.1, 7.13.18, 8.15.0
Component/s: System Administration - Secure Administrator Sessions
Labels:
- privacy

Introduced in Version:
7.13
Support reference count:
2
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Personal information shared in GET request : user name appearing in the GET request
http://localhost:8854/j854/secure/ChangePassword!default.jspa?username=USERNAME&inline=true&decorator=dialog&_=1595499363660

Steps to Reproduce

Login with Jira
Navigate to user profile
Change password
The same user name is not appeared while performing Forget password from login screen

Expected Results

Username should not appear in the URL. Rather user name should be passed as a POST function rather than GET request.

Actual Results

Username appears in the URL and violets the GDPR compliance.

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

relates to

JRASERVER-71899 Usernames are exposed in the URL while accessing user profiles

Gathering Impact

Assignee:: Unassigned

Reporter:: Vedika Tambolkar

Votes:: 2 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 28/Jul/2020 12:36 PM

Updated:: 05/Apr/2024 2:25 AM