Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

IS this something that should be suspicious? Edited

Hi Friends,  

When I want to search for a specific employee to see issues that he is assigned to I suddenly see in the "search" section an SQL injection query and more users that do not exist in my system.
What do you think happened and should I be concerned?
2021-04-22_15h02_43.png

1 answer

0 votes
Andy Heinzer Atlassian Team Apr 23, 2021

Hi Yoav,

I understand you have concerns about seeing this username that looks like a sql injection attempt. 

One explanation is that someone tried to test the security of the site by creating an account with such a name. This becomes more likely to happen if you happen to be using Jira Service Management, as it has the potential to create an unlimited number of customer level accounts, and in some cases allows those users to create their own accounts.

Another possibility is that if you imported data into Jira from another source (say Jira Server/Data Center or some other issue tracker) Jira can create dummy user accounts in order to associate which issues are reported/assigned to users from that imported data.  Perhaps this user account is something that was imported from a previous data set.

You can see all the user accounts associated with your Cloud site if you go to

https://[yoursitename].atlassian.net/admin/users

You should see all such accounts that could be licensed users, as well an unlicensed JSM customers.  If this account is not in use, you can likely remove it from your site.

But seeing this option in this location does not really give me cause for concern here.  I suspect that somewhere in the issue data of your site, that user once existed in a user field.

Let me know if you have any followup concerns about this.

Andy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
Community showcase

The benefits of using Jira in different departments

Jira is a great tool to use across different departments. Forget that paperwork – switch to Jira and get that tasks done smoothly. Marketing Jira allows for a complete digital transformation of you...

95 views 0 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you