Creating a "Live Docs page" enables the creation of Invitation Links at the organizational level

XMLWordPrintable

    • 4
    • Severity 2 - Major
    • 95

      Issue Summary

      Creating a "Live Docs page" enables the creation of Invitation Links at the organizational level. Although the Invitation link is not easy to guess, still this poses a security risk. 

      Steps to Reproduce

      1. Check the Invitation Links and disable them from this page: https://admin.atlassian.com/o/\{org-id}/app-access-settings > Invitation links
      2. Add a live doc Page in your Confluence site, once it's saved
      3. Check the status of  the Invitation links from here: https://admin.atlassian.com/o/\{org-id}/app-access-settings >

      Expected Results

      1. Live doc should not override the org admin setting for https://admin.atlassian.com/o/\{org-id}/app-access-settings >Invitation links
      2. If Live Doc can't work without enabling this, we should ask the org admin to allow it to or inform the org admin about this.

      Actual Results

      Workaround

      • Manually turn off the Invitation links after creating the live doc (very difficult to turn them off after every time a live doc is created)

              Assignee:
              Sinduja Jagadeesan
              Reporter:
              Avrinder Singh
              Votes:
              17 Vote for this issue
              Watchers:
              21 Start watching this issue

                Created:
                Updated:
                Resolved: