[CONFCLOUD-81012] A site open to anonymous users allows former users from the site to authenticate

Type: Bug
Resolution: Unresolved
Priority: Low
Component/s: Permissions - Content (Page, Database, Whiteboard), Permissions - Space
Labels:
None

Support reference count:
1
Symptom Severity:
Major
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Issue Summary

A site open to anonymous users allows former users from the site to authenticate and see the restricted contents page titles in the recently updates macro.

Steps to Reproduce

Create a page in a space visible to anonymous users.
Restrict this page to a specific group ("users" in my case.)
Create a user and add this user to the "users" group.
Suspend this user → the user can still log in, but should not have access to content that is not visible to the anonymous users.
Log in as the suspended user: you can see the title of the restricted page inside the recently updates macro.
Remove the group "users" from the suspended user.
Log in again as this user: you no longer can see the title of the restricted page.

Workaround

Remove the user from the groups before removing the site access for the user.

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Neha Ghuraiya

Affected customers:: 1 This affects my team

Watchers:: 2 Start watching this issue

Created:: 3 days ago 12:04 PM

Updated:: 2 days ago 4:00 AM

Confluence Cloud

Details

Description

Issue Summary

Steps to Reproduce

Workaround

Attachments

Forms

Activity

People

Dates