Recently a "white hat" hacker team was hired by our IT department to probe for vulnerabilities in our intranet, including our JIRA installation. (JIRA was not compromised, btw -- woohoo!). During the exercise, they entered all sorts of script into the JIRA sign-in fields, creating spurious users. I was able to delete all the false accounts except the following two, which still remain in my user list:
These two lines are actually listed as usernames in the Users list. Problem is, when I try to delete them, the operation fails with a java.lang.NullPointerException at
Is there any way to manually remove these users (perhaps in the database itself)?
Before doing any delete operations in the database, I would recomend you to rename these users, and then try to delete it again.
Since the username is like an URL, perhaps it might be causing conflict in the application side.
If you're still facing the problem even renaming the user, I would strongly recommend you to backup your database before applying any delete operation on this, when you have the backup, the delete query should be this one:
delete from cwd_user where user_name in ('http://netsparker.com/n?.jspa', 'php://filter//resource=http://netsparker.com/n?.jspa')
I hope it helps!
I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs