I am assessing an addon to our JIRA/Confluence cloud instance. In the marketplace under 'Integration Details' There is the following statement:
'xxxxx for JIRA integrates with your Atlassian product. This remote service can:
That would appear to be giving full access to all of our Confluence and JIRA data to a third party.
However, looking at an existing plugin that we have installed, it has added a system user and has placed that system user in the jira_software_users group.
And I correct that a plugin can be limited in the data it can access in our instance by securing spaces and projects to only allow access to users with additional groups above the basic jira_software_users group?
Or do plugins get access to all our data?
The modification you mention would, in theory, work, however, it could break many add-ons if they require administrative level access.
My recommendation would be to reach out to the vendor in question regarding which add-ons you're most concerned about.
Let me know if you have any trouble determining that!
Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs