[JRASERVER-71899] Usernames are exposed in the URL while accessing user profiles

Type: Bug
Resolution: Unresolved
Priority: Low (View bug fix roadmap)
Fix Version/s: None
Affects Version/s: 8.13.0, 7.13.18, 8.15.0, 8.18.1
Component/s: System Administration - Secure Administrator Sessions, User Management - User Profile
Labels:
- GDPR

Introduced in Version:
7.13
Support reference count:
11
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Usernames are displayed on User profile pages within Jira.
Example:

https://localhost/jira/secure/ViewProfile.jspa?name=paulo

Steps to Reproduce

Login with Jira
Navigate to user profile
The profile URL displays the username information.

Expected Results

Username information should not appear in the Jira URL, rather it should be replaced by an externally unidentified ID.

Actual Results

The username appears in the URL.

Workaround

Currently, there is no known workaround for this behavior. A workaround will be added here when available

is related to

JRASERVER-23653 User Enumeration

Closed

JRASERVER-67984 Logging in as a Non-admin user without Browse User Permission can view User Profiles

Closed

JRASERVER-71369 User name appears in Change password URL

Gathering Impact

JRASERVER-34165 username visisble to anonymous users

Closed

mentioned in: Page Failed to load

Form Name

Kaviraj Kyatam added a comment - 10/Jun/2022 11:05 AM

Kaviraj Kyatam added a comment - 10/Jun/2022 11:05 AM +1

Kaviraj Kyatam added a comment - 05/Jan/2022 9:48 AM

Kaviraj Kyatam added a comment - 05/Jan/2022 9:48 AM +1

Michael Rosenberger added a comment - 12/Oct/2021 7:22 AM

This bug makes it impossible to use one Jira-instance and share it with multiple customers, that should not see each other. This is a major risk at our end.

Michael Rosenberger added a comment - 12/Oct/2021 7:22 AM This bug makes it impossible to use one Jira-instance and share it with multiple customers, that should not see each other. This is a major risk at our end.

rob.webb@dell.com added a comment - 04/Aug/2021 9:37 PM

At least a workaround would be nice for this. Currently we are tasked with getting this vulnerability remediated.

rob.webb@dell.com added a comment - 04/Aug/2021 9:37 PM At least a workaround would be nice for this. Currently we are tasked with getting this vulnerability remediated.

Faisal Shamim added a comment - 23/Apr/2021 7:33 PM

We want to see fix this bug asap as its a major risk at our end,

Faisal Shamim added a comment - 23/Apr/2021 7:33 PM We want to see fix this bug asap as its a major risk at our end,

Assignee:: Unassigned

Reporter:: Armando Neto

Affected customers:: 11 This affects my team

Watchers:: 12 Start watching this issue

Created:: 10/Dec/2020 9:11 PM

Updated:: 04/Jan/2025 2:18 AM

Jira Data Center

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: Kaviraj Kyatam added a comment - 10/Jun/2022 11:05 AM

Expand comment: Kaviraj Kyatam added a comment - 10/Jun/2022 11:05 AM

Collapse comment: Kaviraj Kyatam added a comment - 05/Jan/2022 9:48 AM

Expand comment: Kaviraj Kyatam added a comment - 05/Jan/2022 9:48 AM

Collapse comment: Michael Rosenberger added a comment - 12/Oct/2021 7:22 AM

Expand comment: Michael Rosenberger added a comment - 12/Oct/2021 7:22 AM

Collapse comment: rob.webb@dell.com added a comment - 04/Aug/2021 9:37 PM

Expand comment: rob.webb@dell.com added a comment - 04/Aug/2021 9:37 PM

Collapse comment: Faisal Shamim added a comment - 23/Apr/2021 7:33 PM

Expand comment: Faisal Shamim added a comment - 23/Apr/2021 7:33 PM

People

Dates