1 JIRA is showing Popular Filters (shared with all users) to user which are not logged in!
Does your JIRA also show all Filters which are "shared with all users" to really everyone in the world?
Just try the following:
- Make sure that you are not logged in
- Type in the following URL in your browser:
https://your-jira-domain.com/secure/ManageFilters.jspa - Do you also see something like this?
As you can see - without logging in you can get information about saved filters and names + mail adress from the filter owner.
Protect this data with our Prevent Anonymous Access Plugin!
2 JIRA is showing Popular Dashboards (shared with all users) to user which are not logged in!
Does your JIRA also show all Dashboards which are "shared with all users" to really everyone in the world?
Just try the following:
- Make sure that you are not logged in
- Type in the following URL in your browser:
https://your-jira-domain.com/secure/ConfigurePortalPages!default.jspa - Do you also see something like this?
As you can see - without logging in you can get information about saved Dashboards and names from the dashboard owner.
Protect this data with our Prevent Anonymous Access Plugin!
3 JIRA is interacting to user which are not logged in!
Also you are not logged in JIRA is interacting on different kind of places. Here you find some examples:
- Try to change the project avatar: https://jira.atlassian.com/secure/project/views/editproject.jsp
- You can use the quick search and will be lead to the JQL Screen. There you can try out some JQL queries.
Also you won't get any results the JIRA system is responding.
If you think this is not an acceptable behavior.
Protect this data with our Prevent Anonymous Access Plugin!
