  1. Confluence Server and Data Center
  2. CONFSERVER-28122

Anonymous users can see page restriction data, exposing user ids and group names


    Details

      Description

      If a user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the names and UIDs of the users who are mentioned in the "edit" restriction, or any groups that are part of the restriction.

      We think it is wrong to:

      • Expose UIDs and group names, which are not exposed to anonymous users anywhere else.
      • Expose who can edit the page to anonymous users. The way we see it, this is quite private information.


            People

            Assignee:
            psemeniuk Petro Semeniuk (Inactive)
            Reporter:
            17258ffad35a Daniel Varela Santoalla
            Votes:
            2
            Watchers:
            5
