Details
-
Bug
-
Resolution: Fixed
-
High
-
1.2.4
-
None
Description
1. Disable Anonymous in Global permissions
2. Create a plan with anonymous access disabled
3. Make a build with artifacts
4. Copy artifact URL to clipboard
5. Log out or open another browser window
6. Paste the URL into browser
Expected: login screen or Access Denied message
Actual: artifact is vieable and downloadable
Note: it seems that download servlet isn't secured anyway.