Recently a "white hat" hacker team was hired by our IT department to probe for vulnerabilities in our intranet, including our JIRA installation. (JIRA was not compromised, btw -- woohoo!). During the exercise, they entered all sorts of script into the JIRA sign-in fields, creating spurious users. I was able to delete all the false accounts except the following two, which still remain in my user list:
These two lines are actually listed as usernames in the Users list. Problem is, when I try to delete them, the operation fails with a java.lang.NullPointerException at
Is there any way to manually remove these users (perhaps in the database itself)?
Before doing any delete operations in the database, I would recomend you to rename these users, and then try to delete it again.
Since the username is like an URL, perhaps it might be causing conflict in the application side.
If you're still facing the problem even renaming the user, I would strongly recommend you to backup your database before applying any delete operation on this, when you have the backup, the delete query should be this one:
delete from cwd_user where user_name in ('http://netsparker.com/n?.jspa', 'php://filter//resource=http://netsparker.com/n?.jspa')
I hope it helps!
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs