Anonymous caused a status change in Jira -- scary

Running with Jira 5.2.2

My project manager tripped over this, asking why is the Resolution set to "xxxx" when the Status is in a unResolved state. I reviewed the issue's comments and came across:

Anonymous made changes - 02/Aug/13 1:54 PM
Status Resolved [ 5 ] Ready to Submit [ 10001 ]
Rick added a comment - 02/Aug/13 3:45 PM - edited

Please re-open. I tried to re-open and it now appears to be ready to submit

After chatting with Rick, I believe he left his Jira web page up pointing to this issue where one of the transition menus was to "reopen" the issue. He left and later returned, pressed the "reopen" button and did what most busy person -- ignored any errors and continued with his work.

I reviewed the catalina.out log for both Rick and anonymous but there were no logs (errors, warns, info) around that time period. I'm concerned because Anonymous force a state change and that state change for Resolved to "Ready to Submit" has no valid transition to get it there directly.

There are no current questions on this issue but I hoping for some comments or recommendations from the community.

2 answers

1 accepted

This widget could not be displayed.

Hmmmm. All my workflow transitions have conditions set to control access. There is one transition that goes from "Ready to Submit" to "Resolved" and the conditions on that transition do not allow that user to fire it. There are no transition that directly go from "Resolved" to "Ready to Submit" but the comment above show that Anonymous did do it. I'm using three plugins: ScriptRunner 2.1.11, Subversion 0.10.11.1 and Universal Plugin Manager 2.11 which are all rock solid plugins. I appreciate your responses Nic but for now I'm just going to have to keep a watchful eye on the situtation.

This widget could not be displayed.

Your workflow is missing conditions, such as "only people in the role of user can do this"

A workflow transition with no conditions is executable by absolutely anyone who can see the issue, without logging in. That's what's happened here.

Have a look at the (uneditable) jira default workflow - you'll see it has no transitions without any conditions, there's always at least one enforcing a "user must be logged in because I need to know that they're part of role X"

Good point but the active workflow does not have a transition directly from Resolved to "Ready to Submit" so how did it get there.

It did when the user clicked it. Either that, or you have a plugin that is bypassing the workflow (I'd advise deleting that immediately if that is the case)

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Aug 06, 2018 in Jira Service Desk

A is for Activate: Share your top Jira Service Desk onboarding tips for new users!

Hi, everyone! Molly here from the Jira Service Desk Product Marketing Team :).  In the spirit of this month's  august-challenge, we're sourcing stories of Jira Service Desk activation fro...

564 views 25 15
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you