Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-32680

Restricted JIRA comments appear in Confluence notification inbox

    XMLWordPrintable

Details

    Description

      If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment.

      This is a significant permissions/security hole in linked JIRA/Confluence environments.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-36766 JIRA sends in-app notifications to Confluence for restricted comments

          • High - High priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-29354 Mention notifications do not respect the "Viewable by" security level restriction set on a comment

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              drizzuto David Rizzuto
              976bf79d227b Nate Homitsky
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: