Atlassian Jira Email Visibility

Atlassian Jira may disclose the user's email addresses on each user's profile if the email visibility policy is left misconfigured.

Open up any user's profile in your Jira instance as an anonymous user and verify that you can view the email address of the user.

Make sure to set the proper setting for email visibility. One way to do so is:

Visit your Atlassian Jira Instance
Next, open up your settings by clicking on the gear icon next to your profile
Select System under Jira Settings
Select General Configuration in the side-navigation bar and click on Edit Settings (top-right of your page)
Scroll down to User email visibility and select the appropriate setting
Save your settings

Email-addresses could be used in further targeted exploitation attacks on company employees.

No references available.

Last updated 6 months ago