Intigriti - Hack Hub
Atlassian Jira Email Visibility


Last updated 12 months ago


Description:

Atlassian Jira may disclose users' email addresses on their profile pages if the email visibility policy is left misconfigured.

Testing:

Open any user's profile in your Jira instance as an anonymous user and check whether the user's email address is visible.

Remediation:

Make sure email visibility is set appropriately. One way to do so is:

  1. Visit your Atlassian Jira Instance

  2. Next, open up your settings by clicking on the gear icon next to your profile

  3. Select System under Jira Settings

  4. Select General Configuration in the side-navigation bar and click on Edit Settings (top-right of your page)

  5. Scroll down to User email visibility and select the appropriate setting

  6. Save your settings
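To confirm the setting took effect, the anonymous check from the Testing section can be repeated against a test account you own and scripted over the saved responses. The sketch below is an added example, not part of Misconfig Mapper or Jira: the function names and sample bodies are constructed, and the masked rendering ("user at example dot com") is an assumption about how Jira displays addresses when masking is selected.

```python
import html
import re
from urllib.parse import unquote

def masked_form(email: str) -> str:
    """Assumed masked rendering: '@' -> ' at ', '.' -> ' dot '."""
    return email.replace("@", " at ").replace(".", " dot ")

def classify_email_exposure(anonymous_body: str, known_email: str) -> str:
    """Classify one response fetched WITHOUT a session for an account you own.

    Returns 'public', 'masked' or 'not_visible'.
    """
    # Undo HTML entities (&#64;) and URL encoding (%40) so an address inside
    # a mailto: link or an escaped attribute is still recognised.
    text = unquote(html.unescape(anonymous_body))
    text = re.sub(r"\s+", " ", text).lower()
    email = known_email.lower()
    if email in text:
        return "public"
    if masked_form(email) in text:
        return "masked"  # trivially reversible, so still a disclosure
    return "not_visible"

def audit(responses: dict, known_email: str) -> dict:
    """Map each saved response name to its classification, findings only."""
    results = {name: classify_email_exposure(body, known_email)
               for name, body in responses.items()}
    return {name: r for name, r in results.items() if r != "not_visible"}

# Constructed sample bodies for a test account 'alice@example.com'.
SAMPLES = {
    "api_plain": '{"name":"alice","emailAddress":"alice@example.com"}',
    "html_entity": '<a href="mailto:alice&#64;example.com">Alice</a>',
    "html_urlenc": '<a href="mailto:Alice%40Example.com">Alice</a>',
    "api_masked": '{"name":"alice","emailAddress":"alice at example dot com"}',
    "api_hidden": '{"name":"alice","displayName":"Alice"}',
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES, "alice@example.com").items():
        print(f"{name}: email {verdict} to anonymous users")
```

An empty result from `audit` means none of the saved anonymous responses contained the test account's address in plain or masked form.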

Potential Impact:

Email addresses could be used in further targeted attacks against company employees.

References:

No references available.