• Type: Suggestion
• Resolution: Low Engagement
• Fix Version/s: None
• Component/s: Customer Portal, Knowledge Base
• Labels:

  • cleanup-seos-fy25
  • dmb-legacy-jac-none
  • kb
  • no-cvss-required
  • portal
  • ril
  • security
  • security_flaw

1. 

   image-2018-02-20-16-48-57-867.png

   10 kB

   20/Feb/2018 4:48 PM

2. 

   image-2018-02-26-21-28-33-467.png

   17 kB

   26/Feb/2018 9:28 PM

3. 

   image-2018-02-26-21-30-20-359.png

   38 kB

   26/Feb/2018 9:30 PM

4. 

   image-2018-02-26-21-35-41-596.png

   35 kB

   26/Feb/2018 9:35 PM

5. 

   image-2018-02-26-21-36-51-666.png

   27 kB

   26/Feb/2018 9:36 PM

[JSDSERVER-5657] Default behavior of Confluence KB search is insecure and opens all KB data up to customers

Collapse comment: Ishwinder Kaur added a comment - 03/Mar/2025 5:11 PM, Edited by Ishwinder Kaur - 03/Mar/2025 5:32 PM

Ishwinder Kaur added a comment - 5 days ago - edited

Atlassian Update - 03 March 2025

Hello,

Thank you for submitting this suggestion. We appreciate you taking the time to share your ideas for improving our products, as many features and functions come from valued customers such as yourself.

Atlassian is committed to enhancing the security and compliance of our Data Center products, with an emphasis on sustainable scalability and improving the product experience for both administrators and end-users. We periodically review older suggestions to ensure we're focusing on the most relevant feedback. This suggestion has had very low engagement over the past four years, with no new watchers, votes, or comments. As a result, we're closing it for now.

We understand that this suggestion might still be important to you. If you'd like to provide additional context or information about why it remains relevant, please contact our Technical Support team for assistance. We'll be happy to review your feedback.

You can read more about our approach to highly voted suggestions here and how we prioritize what to implement here.

To learn more about our recent investments in Jira Service Management Data Center, please check our public roadmap and our dashboards, which contain recently resolved issues, current work, and future plans.

Kind regards,
Jira Service Management Data Center

Expand comment: Ishwinder Kaur added a comment - 03/Mar/2025 5:11 PM, Edited by Ishwinder Kaur - 03/Mar/2025 5:32 PM

Ishwinder Kaur added a comment - 5 days ago - edited Atlassian Update - 03 March 2025 Hello, Thank you for submitting this suggestion. We appreciate you taking the time to share your ideas for improving our products, as many features and functions come from valued customers such as yourself. Atlassian is committed to enhancing the security and compliance of our Data Center products, with an emphasis on sustainable scalability and improving the product experience for both administrators and end-users. We periodically review older suggestions to ensure we're focusing on the most relevant feedback. This suggestion has had very low engagement over the past four years, with no new watchers, votes, or comments. As a result, we're closing it for now. We understand that this suggestion might still be important to you. If you'd like to provide additional context or information about why it remains relevant, please contact our Technical Support team for assistance. We'll be happy to review your feedback. You can read more about our approach to highly voted suggestions here and how we prioritize what to implement here. To learn more about our recent investments in Jira Service Management Data Center, please check our public roadmap and our dashboards, which contain recently resolved issues , current work, and future plans. Kind regards, Jira Service Management Data Center

Collapse comment: James H added a comment - 26/Feb/2018 9:36 PM

James H added a comment - 26/Feb/2018 9:36 PM

@sraj2 thanks for replying.  Steps as follows:

You have Service Desk project with a portal which you have configured to link to a KB:

You have some request types that are restricted by label:

 

But now someone goes and adds a new request type and doesn't realise that it will be automatically added to list of request types here AND the label restriction will be unpopulated therefore unrestricted.  Without knowing it they have opened up everything in the linked Confluence space to the portal users.  This is a dangerous default behavior that needs to be fixed please!!

 

Expand comment: James H added a comment - 26/Feb/2018 9:36 PM

James H added a comment - 26/Feb/2018 9:36 PM @sraj2 thanks for replying.  Steps as follows: You have Service Desk project with a portal which you have configured to link to a KB: You have some request types that are restricted by label:   But now someone goes and adds a new request type and doesn't realise that it will be automatically added to list of request types here AND the label restriction will be unpopulated therefore unrestricted.  Without knowing it they have opened up everything in the linked Confluence space to the portal users.  This is a dangerous default behavior that needs to be fixed please!!  

Collapse comment: FNU added a comment - 22/Feb/2018 10:43 PM

FNU added a comment - 22/Feb/2018 10:43 PM

james.holt can you please provide step by step instruction to reproduce this issue?

Expand comment: FNU added a comment - 22/Feb/2018 10:43 PM

FNU added a comment - 22/Feb/2018 10:43 PM james.holt can you please provide step by step instruction to reproduce this issue?