Jira security vulnerabilities

Hi Team,

Our IT team has found a security exception issue with this URL: https://jira.lenovo.com/secure/popups/UserPickerBrowser.jspa

As we noticed, this URL isn’t asking for a login and is exposing the customer content as is (with PII information). Since our JIRA instance is open to the public, it is facing a bigger security threat. Please advise on a fix asap.

1 answer

1 vote

Log in as an admin, and go to "global permissions" in the administration screens.

Find the line that says "Browse users: anyone" and click delete underneath it.

As you have a system open to the internet and one of your administrators has thought it's ok to use "anyone", I'd strongly recommend that you review all of your permission schemes as well as global permissions, and check that "anyone" is only used for read-only access to the projects you really do want to be totally public.

Dear @Nic Brough _Adaptavist_ ,

Thank you for your explanation. If I change this option, it's no longer possible for a customer to mention me with the @ in the comment field. Is there another option, or did I miss a permission?

Hello @IT TEAM23

No, that's the whole point of being able to turn it off.
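An added example, not part of the thread and not Atlassian's code: one way to confirm the change and to start the wider review recommended above is to fetch `/rest/api/2/mypermissions` without credentials and classify what an anonymous session still holds. The JSON here is a constructed sample; the response shape and the read-only key set are assumptions to check against your Jira version.

```python
import json

# Project permission keys treated as read-only (assumption: the current key
# and its older name). Any other project permission held anonymously is flagged.
READ_ONLY_PROJECT_KEYS = {"BROWSE_PROJECTS", "BROWSE"}


def audit_anonymous_permissions(raw_json):
    """Classify the permissions an anonymous session holds.

    raw_json is the body of GET <base-url>/rest/api/2/mypermissions,
    fetched with no session cookie and no Authorization header.
    """
    perms = json.loads(raw_json).get("permissions", {})
    findings = {"global": [], "project_write": [], "project_read": []}
    for key, entry in sorted(perms.items()):
        if not entry.get("havePermission"):
            continue
        if entry.get("type") == "GLOBAL":
            findings["global"].append(key)          # "anyone" on a global permission
        elif key in READ_ONLY_PROJECT_KEYS:
            findings["project_read"].append(key)    # expected only for public projects
        else:
            findings["project_write"].append(key)   # "anyone" beyond read-only
    return findings


def browse_users_exposed(findings):
    """True when anonymous users hold "Browse users" (key USER_PICKER)."""
    return "USER_PICKER" in findings["global"]


def sample_response(browse_users):
    """Constructed sample body; not captured from a real instance."""
    def perm(kind, have):
        return {"type": kind, "havePermission": have}
    return json.dumps({"permissions": {
        "USER_PICKER": perm("GLOBAL", browse_users),
        "ADMINISTER": perm("GLOBAL", False),
        "BROWSE_PROJECTS": perm("PROJECT", True),
        "ADD_COMMENTS": perm("PROJECT", True),
        "EDIT_ISSUES": perm("PROJECT", False),
    }})


if __name__ == "__main__":
    for label, body in (("before", sample_response(True)),
                        ("after", sample_response(False))):
        print(label, audit_anonymous_permissions(body))
```

An empty `global` list means no global permission is granted to "anyone"; entries under `project_write` point at permission schemes that give anonymous users more than read access.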
