Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-14564

Anonymous users can use plugins to bypass restrictions to access User Profile information

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Low Low
    • None
    • 3.0
    • None

      Set the permissions so that anonymous users cannot see the User Profiles

      Example: Install the Metadata 2 plugin, and use wiki markup:

      {users-report:User,Location,Email,Extension,Cell Phone}

      If the page is visible to an anonymous user, then they are able to see the information from the user profile.

      This information is supposed to be restricted by the permissions, and this should also be respected by macros.

            Unassigned Unassigned
            mhrynczak Mark Hrynczak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: