Open User Registration

Description:

It is possible that anyone can signup in your Atlassian Jira instance due to a misconfiguration in the domain allow list.

Testing:

You can cross-check if user registration is open for anyone by navigating to the following app route:

/secure/Signup!default.jspa

Remediation:

Make sure to set the proper setting for new signups. One way to do so is:

Visit your Atlassian Jira Instance
Next, open up your settings by clicking on the gear icon next to your profile
Select Products under Jira Settings
Select Customer Access under Jira Service Management in the side-navigation bar
Scroll down to Portal access and select Don't allow customers to create their own accounts
Save your settings

Potential Impact:

In case registrations are left open for anyone to signup to your Jira Instance, depending on the in-app permissions set, it could mean that new users get access to internal-only resources, such as support tickets, company metrics or even personal identifiable information (PII) of customers or clients.

References:

https://confluence.atlassian.com/adminjiraserver072/enabling-public-signup-and-captcha-828787685.html

PreviousAtlassian Jira NextAtlassian Jira Email Visibility

Last updated 2 months ago