IS this something that should be suspicious?

Yoav Friedman April 22, 2021

Hi Friends,  

When I want to search for a specific employee to see issues that he is assigned to I suddenly see in the "search" section an SQL injection query and more users that do not exist in my system.
What do you think happened and should I be concerned?
2021-04-22_15h02_43.png

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 23, 2021

Hi Yoav,

I understand you have concerns about seeing this username that looks like a sql injection attempt. 

One explanation is that someone tried to test the security of the site by creating an account with such a name. This becomes more likely to happen if you happen to be using Jira Service Management, as it has the potential to create an unlimited number of customer level accounts, and in some cases allows those users to create their own accounts.

Another possibility is that if you imported data into Jira from another source (say Jira Server/Data Center or some other issue tracker) Jira can create dummy user accounts in order to associate which issues are reported/assigned to users from that imported data.  Perhaps this user account is something that was imported from a previous data set.

You can see all the user accounts associated with your Cloud site if you go to

https://[yoursitename].atlassian.net/admin/users

You should see all such accounts that could be licensed users, as well an unlicensed JSM customers.  If this account is not in use, you can likely remove it from your site.

But seeing this option in this location does not really give me cause for concern here.  I suspect that somewhere in the issue data of your site, that user once existed in a user field.

Let me know if you have any followup concerns about this.

Andy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events