Our IT team has found a security exception issue with the this URL: https://jira.lenovo.com/secure/popups/UserPickerBrowser.jspa
As we noticed, this URL isn’t asking for a login and is exposing the customer content as is (with PII information). Since our JIRA instance is open to public, it is facing a bigger security threat. Please advise on a fix asap.
Log in as an admin, and go to "global permissions" in the administration screens.
Find the line that says "Browse users: anyone" and click delete underneath it.
As you have a system open to the internet and one of your administrators has thought it's ok to use "anyone", I'd strongly recommend that you review all of your permission schemes as well as global permissions, and check that "anyone" is only used for read-only access to the projects you really do want to be totally public.
Hi everyone - in case you haven’t heard, we’re hosting the show of the century on November 10th: High Velocity: ITSM World Tour. This virtual, concert-themed experience...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events