Intended by design
- Anonymous users can use checklists. Such users can upload images, add notes, and check tasks.
- The ability to have public checklists includes that people with the URL of a public checklist can view comments, checked tasks, uploaded images, and analyze them. That's not an error but a measure to make public checklists more accessible. Also to users outside of the Atlassian ecosystem.
- Uploaded images include GPS EXIF Metadata which can include the location of pictures taken. While you may find that this can be a challenge from a privacy perspective we need to highlight that our product is a checklist product. Checklists try to improve reliability and quality in processes by checking, controlling and tightly managing tasks. The ability to see where a picture was taken will be shown in the app one day. We will not strip away this information. We will make it easier accessible in the future. It's a way to control, that the checklist was filled out at exactly the place that I want to have it filled out.
The information on this page is provided for informational purposes only and does not represent a comprehensive list of all potential security risks or vulnerabilities for your Checklists app in the Atlassian Cloud platform. Customers should consult with their security teams and follow their own internal security policies and guidelines. You can always contact us with your questions.