
Key: JRA-13302
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Critical
Assignee: Unassigned
Reporter: Teemu Qvick
Votes: 0
Watchers: 0
JIRA

It is possible to see components without logging in

Created: 10/Aug/07 06:43 PM   Updated: 16/Aug/07 06:23 PM
Component/s: Security
Affects Version/s: 3.10.1
Fix Version/s: 3.10.2

Time Tracking:
Not Specified

Environment:
Edition Enterprise
Version 3.10.1
Build Number 261
Installation Type JIRA Standalone

Participants: Andreas Knecht [Atlassian], Brad Baker [Atlassian] and Teemu Qvick
Since last comment: 1 year, 7 weeks, 4 days ago
Resolution Date: 16/Aug/07 06:23 PM
Labels:


Description
It is possible to see a project's components without logging in just by guessing URLs, e.g. [jira-installation]/browse/KEY/component/10881.

This will show all the information written on the component (issues are not shown). This should be restricted so that it is impossible to see any project information without the correct permissions.



Andreas Knecht [Atlassian] added a comment - 12/Aug/07 06:24 PM
Thanks for pointing this out Teemu! We'll fix it as soon as possible.

Brad Baker [Atlassian] added a comment - 16/Aug/07 06:23 PM
Fixed
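
A log check for the exposure described in this issue, added here as an example; it is not part of the original report or Atlassian's code. It lists component pages under `/browse/KEY/component/<id>` that were served with a 200 to requests carrying no username, grouped by client. The log layout (Apache-combined style, `-` in the user field for anonymous requests) and the sample lines are assumptions constructed for illustration; on an instance that deliberately allows anonymous browsing of a project, such hits are expected.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed layout):
# client ident user [time] "request" status bytes ; user "-" means not logged in.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2007:18:40:01 +0000] "GET /browse/KEY/component/10881 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Aug/2007:18:40:02 +0000] "GET /browse/KEY/component/10882 HTTP/1.1" 200 4980
203.0.113.5 - - [10/Aug/2007:18:40:03 +0000] "GET /browse/KEY/component/10883 HTTP/1.1" 302 0
198.51.100.7 - alice [10/Aug/2007:18:41:10 +0000] "GET /browse/KEY/component/10881 HTTP/1.1" 200 5120
198.51.100.9 - - [10/Aug/2007:18:42:00 +0000] "GET /browse/KEY-12 HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# Component page path from the report: /browse/<PROJECT KEY>/component/<numeric id>
COMPONENT_RE = re.compile(
    r'^/browse/(?P<project>[A-Z][A-Z0-9]*)/component/(?P<cid>\d+)/?(?:\?.*)?$'
)


def anonymous_component_hits(log_text):
    """Return {client: sorted [(project, component_id)]} for anonymous 200 responses."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Skip unparsable lines, logged-in users, and anything not served (redirects, 403s).
        if not m or m["user"] != "-" or m["status"] != "200":
            continue
        c = COMPONENT_RE.match(m["path"])
        if c:
            hits[m["client"]].add((c["project"], int(c["cid"])))
    return {client: sorted(pages) for client, pages in hits.items()}


if __name__ == "__main__":
    for client, pages in anonymous_component_hits(SAMPLE_LOG).items():
        print(client, pages)
```

After upgrading to the fix version, the same check run over fresh logs should return no entries for projects that do not grant anonymous browse permission.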