Managed filters are visible when you are logged out!!! BUG

Hi All,

are you awaking with this bug?

When you are not logged in, you can see the managed filters! Is it a bug???

However all the filters are empty.

Have a look:


3 answers

1 accepted

0 votes
Answer accepted

I don't think it's even a real "bug", because if you share a filter with "all users", that should probably include the "anonymous" users. I'm not sure how you'd know how to block that.

2 cents: Shouldn't be "shared with anyone" instead of "shared with all users" ? I think this is a little confusing; that sharing should be really split in two, one to allow anonymous access and the other one to allow all logged in users (so: "Shared with all users" and "Shared with anyone").

There's a security problem here, some users may leak information to the outside world without knowing it. Just an opinion.

I think the language could be improved - it feels like it was written by an experienced Jira admin, who is fully aware that enabling "anonymous" access implies that "anyone" is a "user".

But replacing "shared with all users" with "shared with anyone" is wrong. You don't *know* that anonymous can see stuff when you use that screen.

There is no security problem, as long as your admins are fully aware of how "anyone/anonymous" works and exposes lots of information (potentially)

But I do think all the wording is unhelpful.

I agree. Filter names can have sensitive data. If it is shared with all users, it should be visible only to logged in users. If shared with anyone, it should be visible to anonymous users.

But at the moment, JIRA has only one option to share with "Everyone". Fix should start there.


yes I don't think it would be a great bug but for many projects (companies) the filter name could be very sensitive info.

0 votes

I think it only shows filters that are shared with all users. The content will be based on the permissions of the projects involved in the filter.

IMHO it's a bug, and you should report it.

You can see the names of the "popular filters" which are shared, indeed, but since you cannot browse for other filters, it is a low severity bug.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in United States

From Atlassian: Confluence Security Advisory - 2019-03-20

Atlassian released a security advisory on 3/20/2019.  The full advisory is here: In a nutshe...

14 views 0 1
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you