A misconfigured domain allow list can let anyone sign up to your Atlassian Jira instance.
To check whether user registration is open to anyone, navigate to the following app route:
/secure/Signup!default.jspa
Make sure new signups are configured properly. One way to do so is:
- Visit your Atlassian Jira instance
- Next, open up your settings by clicking on the gear icon next to your profile
- Select Products under Jira Settings
- Select Customer Access under Jira Service Management in the side-navigation bar
- Scroll down to Portal access and select Don't allow customers to create their own accounts
- Save your settings
If registration is left open for anyone to sign up to your Jira instance, then depending on the in-app permissions set, new users could get access to internal-only resources, such as support tickets, company metrics or even personally identifiable information (PII) of customers or clients.
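The route check described above can be scripted for an instance you administer. This is an added example, not Atlassian code: the classification (a same-host HTTP 200 response on the signup route containing a form with a password field counts as open) is an assumed heuristic, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import sys
import urllib.error
import urllib.request

SIGNUP_ROUTE = "/secure/Signup!default.jspa"  # route named on this page

class _FormScan(HTMLParser):
    """Records whether any <form> contains a password input."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.has_password_form = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form = True
        elif tag == "input" and self.in_form:
            if (dict(attrs).get("type") or "").lower() == "password":
                self.has_password_form = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def classify_signup(base_url, final_url, status, body):
    """Return 'open', 'closed' or 'review' (assumed heuristic, not Atlassian's)."""
    base, final = urlparse(base_url), urlparse(final_url)
    if status != 200 or final.netloc != base.netloc or "Signup" not in final.path:
        return "closed"  # error status, or redirected away (e.g. to a login page)
    scan = _FormScan()
    scan.feed(body)
    # 200 on the route without a registration form needs a manual look.
    return "open" if scan.has_password_form else "review"

def check_instance(base_url, timeout=10):
    """Fetch the signup route of an instance you administer and classify it."""
    url = base_url.rstrip("/") + SIGNUP_ROUTE
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify_signup(base_url, resp.geturl(), resp.status, body)
    except urllib.error.HTTPError:
        return "closed"  # 4xx/5xx: no signup form is being served

if __name__ == "__main__" and len(sys.argv) == 2:
    print(check_instance(sys.argv[1]))
```

A result of `review` means the route answered but no registration form was found, so confirm the Portal access setting by hand.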