Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-16639

Jira icalendar plugin exposes public shared filters in REST api even when logged out

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 7.3.9, 8.5.2
    • REST API

    Description

      The Jira icalendar plugin exposes search filters that are shared as public when using the REST api /rest/ical/1.0/ical/config/query/options even when you are logged out. Testing steps

      1. Install any version of Jira 7.x
      2. Install the icalendar plugin
      3. Log out of the Jira and test the following endpoint http://localhost:8080/rest/ical/1.0/ical/config/query/options?_=1440617535208.  

      It is expected that no info is output in the json when the user is logged out

      Attachments

        Activity

          People

            Unassigned Unassigned
            svenkatachari shrivatsaa
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: