Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

deleting wicked users

Kevin Mote
Kevin Mote
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 27, 2014

Recently a "white hat" hacker team was hired by our IT department to probe for vulnerabilities in our intranet, including our JIRA installation. (JIRA was not compromised, btw -- woohoo!). During the exercise, they entered all sorts of script into the JIRA sign-in fields, creating spurious users. I was able to delete all the false accounts except the following two, which still remain in my user list:

These two lines are actually listed as usernames in the Users list. Problem is, when I try to delete them, the operation fails with a java.lang.NullPointerException at

com.atlassian.jira.web.action.admin.user.DeleteUser.doValidation(DeleteUser.java:56)

Is there any way to manually remove these users (perhaps in the database itself)?

Answer
Watch
Like Be the first to like this
235 views

1 answer

1 accepted

1 vote
Answer accepted
Pedro Souza
Pedro Souza
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 28, 2014

Hi there,

Before doing any delete operations in the database, I would recomend you to rename these users, and then try to delete it again.

Since the username is like an URL, perhaps it might be causing conflict in the application side.

If you're still facing the problem even renaming the user, I would strongly recommend you to backup your database before applying any delete operation on this, when you have the backup, the delete query should be this one:

delete from cwd_user
where user_name in ('http://netsparker.com/n?.jspa', 'php://filter//resource=http://netsparker.com/n?.jspa')

I hope it helps!

Regards.

View More Comments
Kevin Mote
Kevin Mote
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 28, 2014

Good suggestion, but unfortunately it looks like I will have to wait until I upgrade to v6.0 to edit usernames. (That feature is not available in 5.x). Rather than mucking about in the database, I think I'll wait for my upgrade.

Thanks!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events