Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-14564

Anonymous users can use plugins to bypass restrictions to access User Profile information

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Low
    • None
    • 3.0
    • None

    Description

      Set the permissions so that anonymous users cannot see the User Profiles

      Example: Install the Metadata 2 plugin, and use wiki markup:

      {users-report:User,Location,Email,Extension,Cell Phone}

      If the page is visible to an anonymous user, then they are able to see the information from the user profile.

      This information is supposed to be restricted by the permissions, and this should also be respected by macros.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-13276 Restrict anonymous users from viewing user profiles.

          • High - High priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              mhrynczak Mark Hrynczak (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: