
Low priority username leak?

Christopher Morton July 13, 2023

In JIRA, if you use the @ to reference internal usernames, the names will often show the username to internal and friendly name to frontend users/customers (typically first name or first name and last initial). If you type @InternalUser, you get John S. rather than john-admin, which is the user's JIRA login account. Suppose you are using the TEXT field and assume you will link an internal user (coworker). In that case, you can expose the internal object for that particular internal user/coworker using the following inputs in the TEXT MODE editor.

[ @InternalUser | https://somelink.com ]

What ends up happening is the username gets pulled in automatically via Jira @ lookup, then nested as string input into a URL link. The result is a bug as it does not print the friendly name when the link is rendered but the internal username. What do you guys think?

On another note, I needed help locating where to submit bugs to the Jira team.

Any help is appreciated, and thank you.

Chris

Jira v8.20.12
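For administrators who want to find existing comments that use the pattern described in the post above, a small check written for this page (an added example, not code from the original post or from Jira). It assumes the Text-mode editor stores a mention as the wiki markup `[~username]`; the comment ids, usernames and bodies are constructed sample data.

```python
import re

# Assumption: Text mode stores a mention as the wiki markup [~username].
MENTION = re.compile(r"\[~([^\]|\s]+)\]")
# A labelled wiki link is [label|url]; the label may hold one nested [...] token.
LABELLED_LINK = re.compile(
    r"\[\s*((?:\[[^\]]*\]|[^\[\]|])*?)\s*\|\s*([^\]\s|]+)\s*\]"
)

def find_mention_links(body):
    """Return (username, url) pairs where a mention is used as link text."""
    hits = []
    for link in LABELLED_LINK.finditer(body):
        label, url = link.group(1), link.group(2)
        hits.extend((user, url) for user in MENTION.findall(label))
    return hits

def scan_comments(comments):
    """Map comment id -> findings, skipping comments with nothing to report."""
    report = {}
    for comment_id, body in comments.items():
        found = find_mention_links(body)
        if found:
            report[comment_id] = found
    return report

# Constructed sample comments (ids, usernames and URLs are made up).
SAMPLE_COMMENTS = {
    "c1": "Please ask [ [~john-admin] | https://somelink.com ] about this.",
    "c2": "Thanks [~jane.doe], that worked.",
    "c3": "See the [docs|https://example.com/docs] first.",
    "c4": "Escalated to [[~ops-lead]|https://example.com/runbook]\nand [~john-admin].",
}

if __name__ == "__main__":
    for comment_id, found in scan_comments(SAMPLE_COMMENTS).items():
        for user, url in found:
            print(f"{comment_id}: login name {user!r} used as link text for {url}")
```

Plain mentions (c2) and ordinary labelled links (c3) are not reported; only a mention nested inside a link label is.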

2 answers

3 votes
Florian Bonniec
Community Champion
July 13, 2023

Hi @Christopher Morton 

 

Not sure if it's a bug; the @ is used to mention someone and create a link to the profile page of the user. So it could not be used to link to another link, no?

 

Regards

Christopher Morton July 13, 2023

The problem is that before you post the command, it looks the same as a normal mention using @User. So while maybe it can't be used to link, let's say, to that user's last comment, maybe it should. Otherwise the users just have to know of this weird quirk that can leak a username.

Sayed Bares _ServiceRocket_
Community Champion
July 15, 2023

@Christopher Morton You have full control over this and you can decide who can mention users by giving them the Browse users and groups permission. If a user doesn't have the Browse users and groups permission then they won't be able to search for users in your Jira instance.

Christopher Morton July 16, 2023

@Sayed Bares _ServiceRocket_ ,

Rather than restricting the permissions, is there a way to modify the @mention display to be the friendly name vs. the username? 

Christine B
Contributor
July 17, 2023

We use Jira Cloud and the Public Name is not allowing my changes of the Friendly/Public Name Editor to transport over to the ATLASSIAN Community User profile. 

Manage User Account > Profile and Visibility > About You

I can edit my Jira Account Name.  But View setting =Anyone which is grayed out.  Setting appears to be controlled by our Site Admin or the Cloud Admin.  ATLASSIAN Community public bio uses the Jira Account name as it appears internally.  

Still kicking the tires on the tools.   It could just be me since I am not the current ADMIN and it could be a User setting.

Christine B
Contributor
July 17, 2023

Appears to be fixed now in the ATLASSIAN Community or tweaked the correct User setting.

2 votes
Dan Breyen
Community Champion
July 13, 2023

Hi @Christopher Morton, welcome to the community! Atlassian's Jira site is at jira.atlassian.com

I took a quick look and didn't see anything that looked like this issue, but I may have missed it.

I'm on the cloud, so I can't test it, but it sounds like it could be an issue.

Hope that helps.
