Bug
The ArcGIS Portal Directory REST API reveals user information and allows for user enumeration via the user resource endpoint, even when accessed anonymously.
| Bug ID Number | BUG-000171101 |
|---|---|
| Submitted | September 30, 2024 |
| Last Modified | October 3, 2024 |
| Applies to | Portal for ArcGIS |
| Version found | 11.1 |
| Operating System | Windows Server |
| Operating System Version | 2022 |
| Status | As Designed |
Additional Information
When the portal is configured to share content with the public, it is necessary to wait for anonymous users to decide whether they trust the content. One aspect of trust is knowing who shared that content. This means that it is necessary for anonymous users to know the names of users who are creating content, adding comments, etc. This is a security feature that is common in most products that share content with the public.Steps to Reproduce
Bug ID: BUG-000171101
Software:
- Portal for ArcGIS
Get notified when the status of a bug changes
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App