Details
-
Bug
-
Resolution: Cannot Reproduce
-
Medium
-
Using Cloud editions of JIRA, JIRA Agile, Confluence, and Team Calendars. The behavior was initially observed while using Chrome on a Windows 7 PC.
-
2
-
Severity 2 - Major
-
Description
If a user has access to JIRA, but not Confluence, and try to go to a Confluence page, the access error page itself will have the hamburger menu with a full, unrestricted list of all links set up.
We have a couple links pointing to code repositories and an older, archived issue tracker. The former are restricted to internal development groups, while the latter is restricted to all internal employees. External user accounts can only see links to JIRA (if they have access to it) or Confluence (if they have access to it).
However, it's very easy for a user without Confluence access rights to find a link to a Confluence page, and once they get there, the page render ignores all navigator restrictions, and links to code repos and the old issue tracker show up in it.