
Jira project names are exposed in the comments

Open run-crash-run opened this issue 2 years ago • 4 comments

Describe the bug

In comments throughout the codebase there are references to Jira tickets. Could potentially make it easier for someone to craft a phishing email.

Examples that are referenced: SEARCHQUAL-8907, CX-2024, SD-14439, SEARCH-7329, APPSEC-2303

To Reproduce

Steps to reproduce the behavior:

  1. Click into the GitHub search tool in the top left
  2. Search for any of the tickets above
  3. Observe the result

Expected behavior

Ideally the internal project names would not be exposed.

Additional context

Possibly you should manually evaluate the comments, as they might not get read by your analysis tools.

run-crash-run, Apr 01 '23 13:04
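An added example, not part of the original issue or of the repository: a pre-publication check that lists Jira-style ticket keys found in source comments, grouped by project key, so they can be reviewed before code is made public. The key pattern, the allowlist of look-alike prefixes and the sample source are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Jira-style key: uppercase project key, hyphen, issue number.
TICKET_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,9})-(\d+)\b")
# Comment spans for /* */, // and # styles. String literals are not parsed,
# so a "//" inside a quoted URL is treated as a comment; over-reporting is
# the safe direction for a check that runs before publication.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Prefixes that look like project keys but are not tickets (constructed list).
NOT_PROJECTS = {"UTF", "SHA", "ISO", "RFC", "CVE", "TLS"}

def find_ticket_refs(source):
    """Return {project_key: [(line_no, ticket_id), ...]} for comment text only."""
    hits = defaultdict(list)
    for comment in COMMENT_RE.finditer(source):
        for m in TICKET_RE.finditer(comment.group()):
            if m.group(1) in NOT_PROJECTS:
                continue
            # Translate the match position back to a 1-based line number.
            offset = comment.start() + m.start()
            line_no = source.count("\n", 0, offset) + 1
            hits[m.group(1)].append((line_no, m.group()))
    return dict(hits)

# Constructed sample input; the ticket ids are the ones quoted in the issue.
SAMPLE = '''\
// TODO(SEARCHQUAL-8907): tune ranking threshold
val charset = "UTF-8" // encoding is UTF-8, see SD-14439
/* Temporary workaround,
   remove after APPSEC-2303 */
val label = "CX-2024"
# SEARCH-7329: python-style comment
'''

if __name__ == "__main__":
    for project, refs in sorted(find_ticket_refs(SAMPLE).items()):
        print(project, refs)
```

The `CX-2024` value in the sample is a string literal rather than a comment, so this check does not report it; scanning literals as well needs a separate pass.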

Hello, could you perhaps create a pull request for this? We don't have enough time to implement this, and this issue is of extremely low importance as we are working on boosting engagement for Elon Musk's posts, which is far more important. We hope you understand our situation.

Thank you for reporting this issue, we really appreciate it. Have a good day!

impoverishedowl, Apr 01 '23 13:04

@jjh42

no-identd, Apr 01 '23 17:04

@guimingTang

no-identd, Apr 01 '23 19:04

Can't leave your internal project names in twitta

j3bx, Apr 03 '23 17:04