[SERVER-79819] Private Information Is Publicly Visible Here Created: 08/Aug/23  Updated: 05/Sep/23  Resolved: 05/Sep/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: A B Assignee: Unassigned
Resolution: Done Votes: 0
Labels: external-user
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File screenshot-1.png    
Operating System: ALL
Participants:

 Description   
  1. When not logged in, email addresses (which are usernames here) are publicly visible.
  2. There is no way to change your "Full name" if you were authenticated here with SSO. There is no password! 🤷


 Comments   
Comment by Edwin Zhou [ 05/Sep/23 ]

Hi,

The SERVER project is for reporting bugs in the MongoDB server.

I took a look into CSHARP-4745, and it is unfortunate that JIRA is displaying your email for you unexpectedly. However, as mentioned by my colleague James in that ticket, usernames come from the single sign-on providers and that username is the email address. Unfortunately, username and email address are inextricably linked given how the SSO providers integrate with JIRA.

I will have to reiterate my colleague's recommendation to use an alternate email address created for JIRA logins and notifications. Since this ticket is not a bug report related to the MongoDB server, I will now close this ticket.

Kind regards,
Edwin

Comment by A B [ 13/Aug/23 ]

EDIT

  1. When not logged in, email addresses (which are usernames here) are publicly visible in comments after the use of @USERNAME
    • Now only names are visible since mentioning this here ...
    • But if you hover over the names / inspect the name hyperlinks, you can still see the email addresses.
    • This is bad because there are bots scraping the internet for email addresses to target with malicious emails.
  2. There is no way to change your "Full name" if you were authenticated here with SSO. There is no password! 🤷
Generated at Thu Feb 08 06:41:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.