Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71899

Usernames are exposed in the URL while accessing user profiles

    XMLWordPrintable

Details

    Description

      Issue Summary

      Usernames are displayed on User profile pages within Jira.
      Example:

      Steps to Reproduce

      1. Login with Jira
      2. Navigate to user profile
      3. The profile URL displays the username information.

      Expected Results

      Username information should not appear in the Jira URL, rather it should be replaced by an externally unidentified ID.

      Actual Results

      The username appears in the URL.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-23653 User Enumeration

          • Highest - Our top priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-67984 Logging in as a Non-admin user without Browse User Permission can view User Profiles

          • Medium - Medium priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-71369 User name appears in Change password URL

          • Low - Low priority issues
          • Gathering Impact

          Suggestion - JRASERVER-34165 username visisble to anonymous users

          • Closed
          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              abrancalhao@atlassian.com Armando Neto
              Votes:
              8 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated: