Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-1996

Anonymous user is able to download artifacts even if Anonymous mode is disabled both at global level and plan level

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • High
    • 2.0 beta 4, 2.0
    • 1.2.4
    • Security
    • None

    Description

      1. Disable Anonymous in Global permissions
      2. Create a plan with anonymous access disabled
      3. Make a build with artifacts
      4. Copy artifact URL to clipboard
      5. Log out or open another browser window
      6. Paste the URL into browser
      Expected: login screen or Access Denied message
      Actual: artifact is vieable and downloadable

      Note: it seems that download servlet isn't secured anyway.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. BAM-2548 Artifacts are not restricted by removing global anonymous access

          • Medium - Medium priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. BAM-1944 Users should not be able to view plans if Global Anonymous access is disabled.

          • High - High priority issues
          • Closed

          Activity

            People

              mark@atlassian.com MarkC
              75c611d0953c Eugene Gavrilov
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 4h
                  4h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 4h
                  4h