Details
-
Bug
-
Resolution: Fixed
-
High
-
3.7.1
-
Linux 2.6.9-11.ELsmp
-
3.07
-
Description
Security has been set to only allow up load of attachments to authenticated JIRA users. When a user session is timed out they are still able to upload attachments. If you provide a URL to upload attachment and your not logged in you are still able to add attachments.