Details
-
Bug
-
Resolution: Duplicate
-
Medium
Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
You can navigate directly to the attach screenshot page and even if you son't have permission you can view the page.
you can't attach a screenshot, but you can see the page. There is no information leak.
You can also specify an invalid issue id.
Attachments
Issue Links
- duplicates
-
JRACLOUD-21878 Screenshot applet is still accessible from view issue after session timeout.
- Closed
- is related to
-
JRASERVER-22170 Attach Screenshot page not protected by permission
- Closed