in Our jira server, some rest api ( add below ) can be reached anonymous. we want to reach with only authentication. how can we solve the issue ?
the anonymous reaching api;
i do not think that there is a out of the box solution to enforce authentication for the mentioned endpoints
The only REST resources that allow such kind of access are those that are meant for anonymous access. These have to be explicitly marked with
@AnonymousAllowed or they will automatically reject any anonymous request. In addition i think that some endpoints need to be accessible before any authentication might take place (not sure if that is the case for the ones you listed, but i could think of some scenarios=
One option you could think of would be to block them explicitly on the load balancer (if in use) at least for access from the internet.
Looking at the first rest call, the information returned is related to the configured app links, which could also be extracted from the WebUI
On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link. We've seen a number of questions already asking for...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events